Paradigm Access Policy
This policy applies to all users of the Paradigm EMS (Paradigm), licenced by the Australian College of Theology. This includes, but is not limited to ACT students as well as staff members of both the ACT Limited and its affiliated colleges which have been granted access to Paradigm.
Section 12 of the 2012-2016 Affiliation Agreement confirms that college personnel will take all reasonable steps to “protect the disclosed personal information from misuse” or “unauthorised access”. This policy seeks to clarify the proper use of information in Paradigm.
Paradigm users (other than students) have access to view the student and academic records for all students within the database, not just those studying with an individual affiliated college. Much of the success of the ACT network relies on the ability to share information about students in the consortium, allowing students the maximum flexibility to transfer to different colleges for different units and courses efficiently.
Student records in Paradigm must only be viewed by staff when assessing eligibility for future studies or current progress in units and courses, allowing for informed course progress advice etc. Such access by a Paradigm user within an ACT affiliated college, when the student has not studied at that college, is dependent on the student giving permission to do so. Access by ACT Office employees to student records is to be in relation to student administration and academic data purposes only. Permission to access records in Paradigm for academic purposes is implied when a student applies to a particular college.
Examples of improper use of Paradigm:
1) Using the information for a non-academic purpose. An example of misuse of Paradigm would be if a current or former ACT student applies for a position within an organisation which has access to Paradigm information (such as the ACT Limited or an affiliated college) and chooses not to provide details about their ACT study to the potential employer, it would then be unreasonable for the potential employer to use their Paradigm access to review the applicant’s academic records. The potential employer should contact the applicant to request further information (should the applicant be willing to offer it), or request the applicant’s permission to access the applicant’s student records within Paradigm.
2) Creating, modifying or accessing unauthorised reports about college data, which is not part of the staff’s employing college, either via ready-made reports, Report Builder or Paradigm reports linked in an Excel Spreadsheet. An example of such activity would be to access information about enrolled students in scheduled units at another college.
Any student found to have accessed the data of any student or graduate when not authorised to do so will be automatically excluded from the ACT course in which they are enrolled, and the matter reported to the police as a possible offence.
The policy was approved by formal motion at the meeting of the Academic Board on 13 November 2015.
Login accounts, as maintained by ACT office and approved by ACT Registrar:
- must be secured with a strong password
- Users must update their initial password assigned to them by ACT or their college.
- Users must not share access to their account with others.
- A unique email address is to be associated with each account.
- Login accounts are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the IT systems.
- No generic accounts are permitted (e.g. college.registrar), unless granted by ACT e.g. for API purposes.
- User activities are logged on the system for tracking purposes.
- Users must set a new password if they suspect that their password may have been compromised.
- Users without government reporting requirements (e.g. creating a student, course or unit enrolment) as part of their job, must notify ACT to downgrade their permission level to avoid unnecessary government reporting errors.
- Users that have not accessed their account within 14 days of creation, will have their accounts deactivated.
- Users that have not accessed their account within the last 6 months, will have their accounts deactivated.
- The re-activation of a login account requires a written request to Academic Services via Email.
Login accounts procedures updated 08 February 2021