View Document

Email Policy

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Purpose

(1) The purpose of this Policy is to outline the University’s direction around the use of email to meet society expectations, legislative obligations and enabling QUT to leverage email services to meet its objectives.

Top of Page

Section 2 - Application

(2) This Policy applies to any person creating, managing, using and/or otherwise granted access to QUT’s email systems and services and should be read in conjunction with the Acceptable Use of Information and Communications Technology Resources Policy.

Top of Page

Section 3 - Roles and Responsibilities

Position
Responsibility
Users of email
Use email resources in accordance with the requirements of this Policy.
Heads of Departments, schools, faculties and divisions
Within their area of control:
  1. promote all users' awareness of this Policy;
  2. ensure emails that are records align to this Policy; and
  3. define standards for use that accord with this Policy.
Vice-President (Digital) and Chief Digital Officer
Provides, manages and monitors QUT email system in line with this Policy.
Investigates alleged breaches to support disciplinary action depending upon the nature of the breach of this Policy.
Vice-President (Administration) and University Registrar
Disciplines students found to have used the University's email system and/or supporting services resources in an unacceptable manner.
Reports use of email involving illegal actions or material to the appropriate law enforcement agency or other statutory authority (in cases requiring urgent action with law enforcement agencies, initial contact may be made by Information Security staff and/or the Manager, Security and Emergency Management, with notification as soon as practicable to the Vice-President (Administration) and University Registrar).
Vice-President (People) and Chief People Officer
Provides advice to the Vice-Chancellor and President on staffing matters and ensures appropriate disciplinary processes are undertaken for staff found to have used the University's email systems in an unacceptable manner.
In exceptional circumstances, approve email access to parties once a staff member has ceased their appointment at QUT on recommendation of the relevant Executive Dean, Head of Division or equivalent senior officer.
Top of Page

Section 4 - Relationship to TEQSA Threshold Standards

(3) This Policy assists the University to satisfy the provision of Information Management 7.3, section 3, of the Higher Education Standards Framework (Threshold Standards) 2021 , to ensure “Information systems and records are maintained, securely and confidentially”.

Top of Page

Section 5 - Availability and Use of Email

(4) QUT provides electronic mail (email or e-mail) to staff, students and approved members of the University community (e.g. honorary and adjunct staff, members of QUT Council) to enhance communication and promote greater efficiency in teaching, research, community service and administration. The University has adopted standard corporate messaging systems and support for non-standard systems is not provided. It is expected that all use of QUT email will be in accordance with the Acceptable Use of Information and Communications Technology Resources Policy.

(5) Digital Business Solutions is responsible for providing and supporting QUT's email systems and mail agents on central servers.

Top of Page

Section 6 - Email Address Aliases

(6) QUT email addresses or aliases (for both individual accounts and email distribution lists) are created based on a strict set of criteria and naming conventions (QUT staff access only). The Vice-President (Digital) and Chief Digital Officer, Digital Business Solutions, has responsibility for determining email alias conventions.

(7) Additionally, Heads of Departments, schools, faculties and divisions have the capacity to create and use alternative email aliases based on their position description (e.g. registrar@qut.edu.au). This strategy may also be employed by other positions or for specific functions (e.g. privacy@qut.edu.au). The Staff IT Helpdesk provides further advice on set-up and management.

Top of Page

Section 7 - Staff Email as Official Records

(8) Email messages sent or received by QUT staff in the performance of their duties are official records of QUT and must be managed in accordance with the University's Records Governance Policy. As official records, ownership of email messages rests with QUT rather than with the individual staff member.

(9) When forwarding emails, staff should be careful and consider the Information classification standard available from the Information security policy and standards webpage (QUT staff access only) and privacy obligations (Information Privacy Policy) for the contents contained within email.

(10) Automatic email forwarding may be permitted under specific circumstances by request where a legitimate and demonstrated need can be discerned and with explicit approval from the Head of School or Head of Department. Requests must be made via the appropriate service offering in QUT’s Service Management System.

(11) Approved automatic email forwarding configurations must adhere to all the previously stated obligations including information classification and privacy. Requests for automatic email forwarding will be subject to periodic review to ensure their ongoing necessity and compliance with University policies.

(12) All staff members using email as a means of communication have a responsibility to capture and retain messages so that they are accessible as records to meet business and evidential needs over time. QUT's policy is that emails are captured and managed in the University's electronic recordkeeping system (QRecords) or other appropriate corporate system. Given QUT's obligation to retain records under relevant legislation and standards, periodic deletion of email messages irrespective of their content or the business activity they support is inappropriate. Email messages must be stored and retained for the period specified in the University Sector Retention and Disposal Schedule or the Queensland State Archives General Retention and Disposal Schedule.

(13) Staff should be aware that, as official records of the University, email messages may be subject to release to applicants under the Information Privacy Act 2009 and Right to Information Act 2009.

Top of Page

Section 8 - Email Attachments

(14) The total email size including attachments is limited to 35 megabytes. Staff should use alternatives such as OneDrive, MS Teams, SharePoint or Wiki to transfer or share files larger than these email limits. Executable attachments (programs) are not accepted by the QUT email system. This reduces the risk of malicious software and viruses being spread via email at QUT. Recipients of emails with such attachments receive a message that their email attachment has been rejected and the reason for this.

Top of Page

Section 9 - Email Profiles

(15) All staff and students are allocated an email profile. More information is available on the QUT students email webpage (QUT staff and students only) and the email and calendar webpage in the Digital Workplace (QUT staff access only).

Top of Page

Section 10 - QUT email Distribution Lists (Interest Groups)

Organisational Lists

(16) Digital Business Solutions is responsible for the implementation, management and system support for an organisational email list system, the objective of which is to provide email distribution lists based on organisational units or groupings of staff or students. Staff members are unable to opt off organisational lists, campus lists, and certain other groups set up to inform staff about important matters such as security or health and safety. In some cases, affiliates can be added to an organisational list and this must be authorised at the level of Head of School / Head of Department.

Large Email Distribution Lists and Attachments

(17) For email distribution lists containing more than 100 members, alternatives such as SharePoint, Wiki or OneDrive must be used to transfer or share attachments. For some email distribution lists attachments are either not permitted or restricted in size and the use of a service such as OneDrive or SharePoint is mandatory.

Staff Self-Subscribe Email Distribution Lists

(18) QUT provides some email distribution lists or news groups to which staff may subscribe according to their individual needs or interests. Staff members may add or remove themselves from the staff self-subscribe email lists via the Digital Workplace (QUT staff access only). Some lists may allow any staff member to send an email message to subscribers (e.g. qut.classifieds) and where this can occur, messages should be relevant to the purpose of the list. Self-subscribe email distribution lists are restricted to staff only.

(19) The creation of new self-subscribe lists must be approved by the Vice-President (Digital) and Chief Digital Officer. Given the need to conserve information technology resources, requests to create new lists should address the appropriateness of restricting the ability to send to the subscriber group (e.g. qut.parking).

(20) Further information on QUT email distribution lists is available from the Email Lists Main Menu in the Digial Workplace (QUT staff access only).

Top of Page

Section 11 - Decommissioning of Email Accounts

Student Email Accounts

(21) Unless otherwise directed by the Vice-President (Administration) and University Registrar, upon graduation alumni retain access to a QUT email account to support their continued involvement with QUT and their knowledge journey. If a student has not graduated, and does not have any active enrolments, then their email account will be decommissioned.

Staff Email Accounts

(22) Staff access to email is removed after the staff member's cessation of employment with the University, or as directed by the Vice-President (People) and Chief People Officer.  Human Resources will notify QUT’s email team of cessation of employment in advance (if possible) to facilitate this activity.

(23) It is the responsibility of the Head of Department or school to ensure that records contained within emails of a staff member who has ceased employment with the University are appropriately stored to remain accessible and retained for the period of time required by the University Sector Retention and Disposal Schedule and the Queensland State Archives General Retention and Disposal Schedule.

Top of Page

Section 12 - Email Transaction Records

(24) The University keeps a backup of all email. Logs of internet access and email are automatically generated and, in the case of email, include the time a message is received and the location of its origin, the time a message is retrieved by a user, the user name which was used to authorise the sending of a message, and the size of the message and the identity of the sender and receiver.

(25) Access to these logs is available to a small number of Digital Business Solutions technical staff solely for the management of the email resource, for diagnosis and resolution of faults, to detect and manage IT security breaches, and when staff are no longer employed or not available and the email is required for business continuity or service delivery purposes.

(26) Information contained in these logs is used or disclosed in accordance with QUT policy, including Information privacy with the authorisation of the Vice-President (Digital) and Chief Digital Officer.  Emails can also be released when staff are no longer employed or not available and the email is required for business continuity or service delivery purposes.

Top of Page

Section 13 - Email Protection

(27) Digital Business Solutions provides protection to the reputation of email and associated systems. This is done through automated technologies that filter potentially harmful content such as spam, malware, and fraudulent messages. QUT also enforces DMARC (Domain-based Message Authentication, Reporting and Conformance) requiring sending services on behalf of QUT to also comply. Staff members within QUT should consult with Information Security when implementing a business process that is reliant on email to ensure that the process can be adequately supported within this framework.

(28) When using email users should:

  1. be suspicious of unknown links or requests sent through email or text messages;
  2. don’t open email attachments from unknown sources, and only open attachments from known sources after confirming the sender;
  3. consider declining requests for personal or sensitive information via email, even if the request appears to be from a trusted source;
  4. verify the authenticity of requests from companies or individuals by contacting them directly;
  5. respect the privacy and personal rights of others;
  6. the private commercial use of email and messaging is not allowed. Messaging and email must not be used for private commercial purposes; and
  7. report spam or phishing attempts to QUT information security.
Top of Page

Section 14 - Email Etiquette

(29) Managing emails is essential to managing workplace stress. Email etiquette is therefore essential. Email messages should be as short and specific as possible, having regard to their impact on the recipient, intent and their function as a record of University business.

(30) Given that email is generally an insecure means of communication consideration should be given to the appropriateness of using email to distribute confidential or sensitive information.

(31) Individual work groups within the University should establish their own standards for expected response times to emails, but given the immediacy of email as a method of communication short response times would normally be expected. Further advice on other aspects of email etiquette (or best practice), including use of Blind carbon copy / BCC is available from the Digital Business Solutions best practice website (QUT staff access only).

Top of Page

Section 15 - Delegations

(32) Refer to Register of Authorities and Delegations (VC005, VC036, VC037, VC038, VC131)