ABSTRACT

Rules are the set of instructions while Regulations are the set of rules and legal obligations which
controls the activity or process. Government and authorities make rules and regulations, and it
explains their functions and powers. They are essential for universities to operate efficiently, friendly
and pleasantly. University A in Victoria is implementing a new student management system (SMS).
We, as a security consultant hired by University A, are focused on instating the rules and regulations
for the student management system. In this study, we have prepared regulations, policies and
procedures. Obligations under these regulations, its significance and the consequences of breaching
the regulations are focused in this report.

INTRODUCTION
University A is implementing a Student Management Software which aids university in broad factors
such as decreasing expenses on compliance changes and student services, and it also help increase in
compliance rate and non-financial benefits. This new system will assist university in operating
efficiently and managing higher education services. Progress on universities responsiveness to
market conditions and compliance are key requirements of the management system. University also
expect to eliminate administrative and manual handling burden. In addition to it, organization
focuses on eliminating reputational threat from security breaches and compliance. Using third party
software or inhouse system or ready-made product are some concepts to set up workforce.

We as a team of security consultant are responsible for maintaining the rules and regulations. We are
responsible to define all the rules and regulations. Furthermore, obligations under those rules or
regulations and its importance are key factors that we have undertaken. The consequences of
breaching the obligations are mentioned and described in this report. Our team is also responsible to
define ways which helps in demonstrating compliance. Overall, starting from writing rules,
regulations and obligations to focusing on initiating the system are our prime tasks.

Privacy Rules, Regulations and Policies

Introduction
The privacy rules, regulations and policies establish a framework on how we gather, operate and
handle the information stored inside the student management system. We are obligated, bounded
and committed to schedule 1 – Australian Privacy Principles, and it amends according to privacy act
1988. This act regulates on how the personal information is collected, used, secured, handled and
disclosed.

Compliance
This is a compliance required under the Privacy Act 1988.

Intent
The rules, regulations and policies defined in this documents establishes a framework on gathering,
operating, handling and protecting personal privacy and confidentiality. The university is obliged to
Privacy act 1988.

Regulations
1. Collection of Personal Information
1.1 The university will collect informations in a fair and lawful way in accordance with the
privacy principle.

This study source was downloaded by 100000785907064 from CourseHero.com on 06-30-2022 02:38:18 GMT -05:00

https://www.coursehero.com/file/76459582/cybersecurity-assignment-2docx/
 1.2 The university will only collect informations that are necessary for the function of
student management system.
1.3 The university will use or disclose the data for the reason it was gathered (unless the
person has consented).
1.4 During the process of collection of personal information, the university follows following
steps to ensure that the person is:
 Aware of identity of information taker and the university.
 Aware of the reasons why the data is being collected.
 Allowed to access and modify the information.
 Aware that their information will not be used for any commercial use.
 Aware of any law that requires the collection of the information
 Aware of consequences for individual if they provide untruthful informations.
 Aware of their data being protected.

2. Cross-border Data Flows

2.1 This university has no branch outside the country. There will be no transfer of
information about any individual outside the country unless:
 The individual agrees to transfer the information with consequences being
advised by the university.
 University is authorized under the common wealth law to transfer the data.
 The transfer of data benefits the individual with his consent on it.
 It is a course of action for a performance of a contract between the organization
and the individual.

3. Data Breach Scheme

3.1 The university notifies individuals and the Office of Australian Information Commissioner
(OAIC) when a data breach is likely to harm individuals.
3.2 An assessment process will be made if university is unknown to the effect of the data
breach. The assessment process will initiate, investigate and evaluate the consequences.
3.3 A statement will be submitted to the commissioner if the breach is serious and harmful.

4. Complaints
4.1 If you want to appeal against our regulations or complain against us, please contact us
via email.
5.

This study source was downloaded by 100000785907064 from CourseHero.com on 06-30-2022 02:38:18 GMT -05:00

https://www.coursehero.com/file/76459582/cybersecurity-assignment-2docx/
 https://www.alrc.gov.au/publications/31.%20Cross-border%20Data%20Flows%20/summary-
%E2%80%98cross-border-data-flows%E2%80%99-principle

https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

This study source was downloaded by 100000785907064 from CourseHero.com on 06-30-2022 02:38:18 GMT -05:00

https://www.coursehero.com/file/76459582/cybersecurity-assignment-2docx/
Powered by TCPDF (www.tcpdf.org)