UCA’s management and personnel shall aim to follow this policy. Interested and third parties can use this policy as a guide.
This policy applies guiding principles for information management.
(i) policy statements -
(a) IMS documentation shall be designed, developed, validated, verified, implemented, reviewed and subject to internal and external audits.
(b) Intellectual property and copyright shall be managed using a combination of agreements (industrial, service, product) and organizational practices.
(c) When people visit UCA’s website, our internet service provider (ISP) shall maintain information about the visit, and may record the following information:
i) address of the computer used to access our website;
ii) top level domain name of the network used to access our website;
iii) date and time of access to our website;
iv) pages accessed and documents downloaded from our website;
v) previous website visited;
vi) search term used to find our website; and
vii) type of browser used to access our website.
(d) UCA shall collect, store and use personal information necessary for the provision of products and services to customers, personnel and where required by third parties. We take all reasonable steps to prevent unathorised access to, maintain disclosure of, and secure personal information to reduce the misuse or loss of personal information. In providing these products and services, we seek each person’s consent for the use of their personal information to allow UCA to communicate effectively with the customer, deliver contract requirements, and in most cases, where customer consent is received, share approved information with third parties. If personal information is shared with third parties it shall be done to:
i) prevent a serious and imminent threat to your or another’s life, health, or safety;
ii) prevent a serious threat to the community’s health or safety; and
iii) assist in the prevention or investigation of an offence or breach of a prescribed law.
(ii) procedure-in-practice -
(a) documentation shall be released in a timely manner within UCA
i) IMS documentation – after business decisions have been made to modify policy, procedure and supporting documents, the Compliance Manager shall make the modifications, record the modifications then notify relevant management, staff, sub-contractors, customers, interested and third parties.
ii) Product documentation - transition from old to new products (training packages, accredited courses), learning materials (learning package, toolboxes, textbooks, etcetera),and software are available within 12 months of their publication (National Training Information System) to staff, suppliers and customers.
(b) intellectual property and copyright shall be recorded on UCA’s product register, and if approved by the Managing Director, releases it in a timely manner for use by personnel and/or customers, and may be published on the Australian Business Register, Australian Security and Investments Commission, IP Australia, and UCA’s website (www.uca.qld.edu.au) .
(c) Individuals can obtain, request a change or request an internal review about a decision to access their personal information held at UCA by contacting the Compliance Manager, UCA, address. Australia. Requests shall be made in writing via letter, facsimile or email; and shall be acknowledged in writing within 14 (ten working) days from the date on which the application was received, and UCA shall process the request within 28 (20 working) days from the date on which the application was received. Applicants shall be advised in writing of UCA’s decision. Personal Information shall be made available to personal information owner or after express consent for release to the third party identified by a photographic image. UCA shall use lawful and fair methods which include informing students of the authorised, required and/or legal reasons; use (up-to-date and complete records, does intrude on the personal affairs of the student); and sharing of personal information with third-parties.
(d) a records management system shall
i) conduct preliminary investigation;
ii) analyse business activity;
iii) identify requirements for records collection:
iv) assess existing records management systems to inform the design and implement a records management system to ensure hard or soft copy data-
a) is accurate, preserved without modification, and able to be verified without unauthorised use, disclosure or for any other purpose other than the agreed relevant purpose for the personal information in an accessible electronic or hardcopy format with easy access for retention, archiving, retrieval, and verification each week by personnel.
b) is disclosed to third-parties (Australian Government, Tuition Assurance Scheme agency/body) with a record of authorised persons; conditions; and steps to access the personal information.
- Where information disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; the Records Officer makes a file note about the disclosure.
- A person, body or agency to whom personal information is disclosed shall not use or disclose the information for a purpose other than the purpose for which the information was given to the person, body or agency (Commonwealth Privacy Act 1988).
c) is transferred, where required within 14 (ten working) days of ceasing to operate as a business to its registering body .
d) is disposed of by a commercial information security business, off-site. Computer disks shall be broken or cut then placed in a waste bin. Obsolete electronic records shall be deleted from network drives and memory devices, freeing space to reuse directories and memory devices.
This policy commitment for management, personnel (employed staff & sub-contracted suppliers), customers (students), interested parties (visitors) and third parties (accredited conformity and government assessment body representatives) is essential.
Managing Director, 31 December 2017