Main navigation
System Access Agreement
Purpose
The purpose of this System Access Agreement is to inform Open Arms’ Outreach Counsellors (OPCs) and other client service providers (referred to as ‘Authorised User’, or ‘you’ throughout this Agreement), accessing and inputting information via Department of Veterans’ Affairs (DVA)-provisioned systems (the system/s), of their obligations and responsibilities as they relate to DVA information. Authorised Users may also have their data collected and used to service DVA and its clients.
This Agreement applies to the use of DVA’s systems throughout the duration of your use of them.
1.1 General Information
Open Arms ICT resources are Commonwealth resources and must be treated as such. The Department retains the right to:
- Collect personal Authorised User information as required;
- Monitor access logs and analyse the activities of Authorised Users and Departmental ICT services; and
- Conduct reviews and audits as necessary.
1.2 Authorised User Responsibilities
As an Authorised User of DVA systems, you must take steps to ensure ICT security including, but not limited to:
- Logging out or locking computers or other devices if unattended or not in use;
- Use all Departmental ICT resources in an appropriate manner that ensures the confidentiality and integrity of applications, systems and information; including but not limited to Open Arms’ Client Management System;
- Ensuring compliance with any legislation that is relevant to the use of Departmental ICT resources, including but not limited the Public Governance, Performance and Accountability Act, 2013, the Public Service Act 1999, Criminal Code Act 1995 and the Archives Act 1983;
- Accountability for any activity performed using accounts under your, as the Authorised User’s, control;
- Not providing passwords, or account credentials to any other person (Open Arms’ Service Desk will never ask for passwords);
- Not interfering with the security or access control measures on Departmental ICT resources including preventing Departmental ICT resources from receiving security, application or maintenance updates;
- Reporting any suspected or known breach of security policies including unauthorised access to any accounts under the Authorised User’s control to their Open Arms region contact as soon as possible;
- Label information with the correct security marking and appropriately handle sensitive information;
- Take all reasonable steps to protect the integrity and good reputation of the Department, its employees and its clients; and
- If The Authorised User is aware that any relevant documents are beyond their custody or control, then the Authorised User will provide full details to the Department of the whereabouts of those documents, and the identity of the person with custody or control of those documents.
1.3 Security Practices
Passwords are sensitive and must be protected from disclosure and compromise. Passwords must never be shared.
DVA systems must only be accessed within Australia. Access from an overseas location is not permitted without prior written approval from DVA.
Suspected or detected ICT security incidents are to be reported to your Open Arms region contact as soon as practicable or within no more than 24 hours. Examples of security incidents can include the following:
- Unauthorised access to an account or system;
- Defacement, alteration or deletion of web server files;
- Unauthorised modification to hardware or software; and
Theft or loss of equipment resulting in potential or actual compromise of classified or sensitive data
If you believe your account has been compromised, including the confidentiality of your password, you must notify the Open Arms Service Desk via email to OACMS.Support@dva.gov.au.
1.4 Privacy
As an Authorised User of DVA systems, you must ensure that you take steps to comply with the Privacy Act 1988 (Cth) including but not limited to:
- Ensuring you take reasonable steps to secure the Personal Information held on your systems;
- Agreeing that you will not do an act, or engage in a practice, that would breach an Australian Privacy Principle if done or engaged in by DVA. This obligation applies to you regardless of whether you are defined as a small business for the purposes of the Privacy Act;
- Taking reasonable steps to secure Personal Information when carrying out activities in connection with the performance of this System Access Agreement;
- Not sharing any Personal Information to any third party or using the information obtained for any purpose other than the performance of the services directed by DVA; and
- Cooperating with DVA in the event of a data breach or complaint and immediately notifying DVA of a potential or known breach.
The Department also collects client information, including sensitive information (as defined under the Privacy Act), for services provided by the Department. Any data or information collected, processed, stored, or transmitted in the Department from or about clients is to be used in accordance with the Privacy Act. Any data or information collected is only to be used for the purpose it is intended. You are expected to adhere to the Department’s Privacy Policy when collecting, using, disclosing and storing the Personal Information of clients.
1.5 Upon Conclusion of Engagement
If an Authorised User is no longer providing services on behalf of Open Arms and, by extension, DVA, they will ensure that they will:
- return to the Department all physical copies of the Departmental information (e.g. photocopies) that are within the Authorised Users’ custody or control;
- if Departmental information cannot be returned, the Authorised User is required to destroy all copies of the Departmental information (including any stored in electronic form on any equipment) and provide the Department with written confirmation that this action has been taken;
- no longer use the Departmental information;
- not breach any provision of this Agreement;
- continue their obligation that they will never disclose, copy, use or exploit the Departmental information without the written consent of the Department.
The Authorised User may retain one copy of Departmental information, including Personal Information, to the extent that legislation requires it to be retained by them, in which event the retained copy continues to be subject to all security requirements applying under this Agreement. This exception only applies if the Departmental information is stored in a physical location or server within Australia.
These obligations survive the termination of this Agreement.
1.6 Information Awareness
As a person who currently or previously provides services to the Department, you must not disclose any information that you are or were bound to not disclose. You acknowledge and accept that to do so may invoke the penalties stated in Laws, including: Criminal Code Act 1995 122.4A Communicating and dealing with information by non-Commonwealth officers etc.
1.7 Definitions
In this Agreement, unless the contrary intention appears the following definitions apply:
Australian Privacy Principle (APP) | The Australian Privacy Principles refers to the list of principles-based laws governing entities’ personal information handling practices, contained in schedule 1 of the Privacy Act 1988 (Cth). |
Authorised User | An Authorised User for the purposes of this System Access Agreement is a statutory registered Outreach Program Provider or their nominated administrative officer/s (PracMan), approved by the Department to have access to data and information that is collected, transmitted, processed, shared and stored on Department ICT resources. |
Open Arms region contact | The OPC should be assigned a regional contact however, should they not be please email: OPENARMS.OUTREACHPROGRAM@dva.gov.au for your assigned region contact. |
Laws | Includes any relevant:
Summary of laws within this Agreement: Criminal Code Act 1995 122.4A Communicating and dealing with information by non-Commonwealth officers etc. |
Personal Information
| Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
|