Parish Handbook

Appearance

7. Information technology and parishes

Introduction

The Archdiocese recognises that information technology (IT) is an integral part of parish administration. It strongly encourages parishes to take advantage of the great benefits offered by this technology, but it also cautions against irresponsible and inappropriate use.

The purpose of this chapter is to set out procedures to maintain the integrity of the Archdiocese’s IT system and, in particular, to safeguard the often sensitive data that it stores.

The chapter also outlines acceptable use of the IT system by parish clergy, parish employees, volunteers and contractors.

IT advice and assistance

The Archdiocesan IT department should be the first option for any parish requiring IT support. The department can contract with parishes to provide all the services required in establishing and maintaining a secure and efficient IT system.

Information system services provided by the IT department include:

  • Catholic Archdiocese of Melbourne and parish computer systems (PACEM)
  • data protection
  • training (instructor-led and online)
  • local, wide-area and wi-fi network
  • internet, including content filtering
  • computer equipment (purchasing and repairs)
  • software (purchases and installation)
  • printing services (large/small and desktop)
  • email (desktop and mobile)
  • lecture rooms and audiovisual services
  • phone services
  • mobile phones
  • fax and voicemail
  • systems design and advice.

Contact the support team via email at service.desk@cam.org.au or call 03 9926 2600.

Instructions for lodging support requests can be found at Asta-CAM ICT Support.

What is the ‘IT system’?

The IT system includes internet and email, hard drives, networks, electronic devices and other electronic communication systems and internet-enabled applications.

Use of the IT system

The IT system must primarily be used for conducting the normal business of the parish. However, occasional and reasonable personal use of the IT system is acceptable, as long as it does not interfere with work in any way or purport to be an action of the parish.

The use of the IT system must comply with the following overarching requirements:

  • Authorised users are granted access to parish resources, sensitive data and external networks on the basis that their use of the IT system will be responsible, ethical and lawful at all times.
  • Authorised users are required to observe the Archdiocese’s policy and comply with Australian or other local laws that may apply in accessing, distributing, creating, communicating and/or receiving material via the IT system.

When accessing the Archdiocese’s IT system, the following are strictly prohibited:

  • use of the IT system to conduct business other than official parish business
  • use intended to humiliate, intimidate, abuse, offend or vilify another person
  • accessing or transmitting any offensive material or pornography
  • uploading, downloading or storing commercial software, games, music videos or other intellectual property in violation of its copyright
  • any form of gambling, other than those sanctioned by the Archdiocese, such as a football tipping competition
  • any use of the IT system that may cause embarrassment or loss of reputation to the parish or the Archdiocese
  • any use of email or the internet to generate or forward material that is inconsistent with the teachings of the Church or would otherwise discredit or in any way harm the Church
  • use of the IT system to gain access to any service or data for the purpose of causing damage or harm
  • storing or transferring any information in breach of the Data Security Policy.

Monitoring IT use

The parish and the Archdiocese have the right to monitor the use of its IT systems by any user for legitimate business reasons, including compliance with Archdiocesan IT policy, compliance with any applicable laws and industry regulations, and where there is reasonable suspicion of activities that may violate Archdiocesan policy.

If reasonably requested to do so, individuals must provide any details to verify compliance with the requirements outlined in this chapter.

All IT systems, including email and internet accounts maintained on a parish’s computing systems, are the sole property of the parish through the Archdiocese.

Where appropriate, violation of the requirements outlined here may result in disciplinary action, including termination of employment and/or legal action.

Data security

The Church’s information is one of its most critical assets and needs to be both protected and used wisely to support the Church’s mission.

Much of this information is held in electronic form. Clergy, staff, volunteers and contractors are required to ensure the integrity and security of data.

The parish Data Security Policy is aimed at ensuring all confidential information and personal information is protected from unauthorised and/or accidental disclosure.

What data is subject to this Security Policy

This policy refers to all electronic information created or kept by the parish and the Archdiocese, except for information that is in the public domain (unless it is in the public domain because of a breach of this policy).

Electronic information includes software, intellectual property, manuals, advice, public relations information, contact details. It is stored on local drives, individual PCs, on network directories or applications, finance systems, payroll systems, in online accounts and in ‘cloud’ systems.

Expectations for handling Archdiocesan information

All staff, volunteers, contractors and agents are required to adhere to the following expectations in handling the Archdiocese’s electronic information:

  • Unless necessary for your duties, do not remove any electronic information from Archdiocesan systems or computers.
  • Keep all files (other than your personal information) on a shared drive.
  • Use a password that has at mixture of alpha and numerical characters (often this is dictated by the system itself).
  • Do not use passwords that can easily be identified (e.g. your name or date of birth).
  • Do not leave your password written down where it can be easily accessed.
  • Change your password regularly and any time it is compromised or you suspect it may have been compromised.
  • Do not give your password to anyone. They should have and use their own login and passwords. You are responsible for access obtained and usage under your login in and password. The only person who has authorised access to your password is the system administrator.
  • Lock your computer if you are going to be away from your workstation for an extended period of time.
  • Secure sensitive files with their own password protection.
  • When Archdiocesan information is stored or transferred for the purpose of legitimately accessing the information offsite, appropriate security protocols must be followed by the carrier of the information, and appropriate security measures must be provided on home computers and/or portable devices such as portable storage devices where diocesan information may be accessed.

Electronic communication including social media and photographs

Clergy, employees and volunteers need to consider the most appropriate methods of communication with children and young people. The Safeguarding Unit has published an Electronic communication including social media fact sheet to assist parishes ensure electronic communications, including the use of social media, are conducted in an appropriate and safe manner.

There are many situations where organisations take and publish photographs and videos of children and young people (e.g. for use in organisational publications or social media pages). When taking photographs or video of children and young people in a parish context, it is  important to ensure that the photographs or video are taken for an ‘organisational purpose’ that has been approved by parents and carers. For further guidance, please refer to the Safeguarding Unit’s Photography and video of children and young people fact sheet.