Media Center

TEQSA e-News

Our events

TEQSA đã soạn thảo các nguồn tài liệu miễn phí này để giúp củng cố tính chính trực trong học tập tại các cơ sở giáo dục đại học của Úc. Các tài liệu này được sử dụng miễn phí bởi sinh viên, học giả và giảng viên, trong khuôn viên trường hoặc như một phần của hoạt động truyền thông tập trung vào sinh viên trên các trang mạng, mạng nội bộ, trong bản tin hoặc trên phương tiện truyền thông xã hội.

Bộ PowerPoint

Các tờ chiếu (slide) trình bày đại cương tính chính trực trong học tập và luật chống gian lận của Úc để sử dụng trong lớp học hoặc cho các bài thuyết trình tập trung vào sinh viên.

• Tải xuống bộ PowerPoint (329 KB)

Các áp phích

Bạn tải xuống và in các áp phích này hoặc sử dụng cho phương tiện truyền thông xã hội.

• Tải xuống áp phích 1 (PDF, 316 KB)
• Tải xuống áp phích 2 (PDF, 316 KB)
• Tải xuống áp phích 3 (PDF, 316 KB)
• Tải xuống biểu ngữ Gian lận không bao giờ là câu trả lời đúng (PNG, 275 KB)

Các tờ thông tin

• Tờ thông tin về Dự luật Cấm các Dịch vụ Gian lận Thương mại trong Học tập (2019) (PDF, 65 KB)

Nếu bạn có câu hỏi hoặc đề xuất về những tài liệu này, vui lòng gửi email đến academic.integrity@teqsa.gov.au.

Quay lại trang đích Hiểu biết về Tính Chính trực trong Học tập

Australian higher education providers must meet a range of obligations under the Higher Education Standards Framework (Threshold Standards) 2021 (HES Framework).

Our compliance monitoring approach supports us to identify any current or emerging risks of non-compliance with these obligations and target them proactively.

This work is informed by our Compliance Monitoring Framework, provider risk assessments and other information sources.

TEQSA uses a prioritisation model to identify risks and allocate resources. This includes setting annual compliance priorities to focus our work.

In the event we identify non-compliance with the HES Framework, our response is guided by our Compliance and Enforcement policy.

We also publish an annual compliance report that outlines our priorities and updates the sector on progress from the previous year.

This report also includes guidance for higher education providers to help them meet obligations.

Further information

• Compliance monitoring framework
• Compliance priorities
• Compliance and enforcement policy
• Compliance reports
• Risk assessment framework
• Compliance in focus

The circumstances

In 2022, TEQSA noted an increase in changes of ownership. This is not surprising, given the COVID-19 pandemic’s significant financial impact on the higher education sector. In several instances, experienced senior leaders, including members of the governing body, left the organisation soon after this change of ownership.

As quality higher education relies on robust and competent corporate and academic governance, changes of ownership can present significant risks, particularly when the new owner has limited experience in the provision of higher education.

Our role

TEQSA monitors the ownership of higher education providers and pays close attention to any transitions, whether they be through mergers, acquisitions or changes in shareholding arrangements. This is to understand the extent and impact of these changes, such as changes to strategic direction, course offerings and key personnel, and be assured that students will not be unduly disadvantaged by these changes.

Domains 5 and 6 of the HES Framework require providers to exercise competent oversight of their operations so they adhere to all standards and the TEQSA Act. In instances of changes of ownership, sections 6.1 and 6.2 clearly outline our expectations regarding what is required from a provider both in terms of corporate governance and corporate monitoring and accountability.

What providers can do

As members of the governing body, new owners are expected to be well informed about the entity’s operations and risks, and to be diligent in understanding and attending to the breadth of governance responsibilities as required by the HES Framework. Specifically, new owners should understand their obligations under:

• section 6.1: Corporate Governance
• section 6.2: Corporate Monitoring and Accountability
• section 6.3: Academic Governance.

As a starting point, new owners should consider:

• familiarising themselves with all relevant legislative requirements and obligations
• ensuring that delegations are documented and reflect accountabilities and timeframes for compliance
• engaging an independent expert to review the entity’s mechanisms for compliance and identifying areas for improvement
• reviewing any pre-acquisition continuous improvement plans and modifying these to account for any changes in strategic direction
• reviewing the risk management framework and risk register, to ensure these are current and that risk mitigation measures remain appropriate. 

Resources

• Guidance note: Academic governance
• Guidance note: Corporate governance
• Guidance note: Academic leadership
• Guidance note: Academic quality assurance

The circumstances

In 2022, TEQSA received an unprecedented number of notifications relating to cyber security incidents. These included serious data breaches leading to unauthorised disclosures of personal information and cyber security incidents involving ransomware attacks.

The Australian higher education sector has extensive networks of IT systems and a wide network of users. Its significant holdings of personal information about staff and students and highly valuable repository of world-class research, including intellectual property and research data, present an attractive target for malicious cyber activity.

Our role

Maintaining information security was one of TEQSA’s five compliance priorities in 2022. Under the HES Framework, providers must:

• ensure that information systems and records are maintained, securely and confidentially to prevent unauthorised or fraudulent access to private or sensitive information (paragraph 7.3.3(b))
• promote and foster a safe environment, including by advising students and staff on actions they can take to enhance safety and security online (standard 2.3.4)
• have a critical incident policy and readily accessible procedures (standard 2.3.5)
• take preventative action to mitigate foreseeable risks to academic and research integrity (standard 5.2.2)
• exercise due diligence to identify, prevent, and manage risks within a provider’s remit of operations (domain 6).

Additionally, a cyber security incident or significant data breach would trigger an MCN, as there is a heightened risk to students and staff, academic and research integrity, and possible reputational damage.

Our focus

Our key focus was on the providers’ response to cyber security incidents, including:

• whether the provider met its legal and regulatory obligations, for example, reporting under the Notifiable Data Breaches Scheme and the Security of Critical Infrastructure Act 2018
• how the incident was detected and whether the detection was through routine monitoring
• what the provider did to identify the extent of the problem, minimise the impact and mitigate further or future risks
• whether actions taken in response to the incident were guided by policies and procedures, and whether the framework is routinely reviewed to ensure it remains fit for purpose.

We noted that most cyber security incidents occurred due to the lack of vigilance in following security protocols. Staff agility and preparedness in addressing cyber security incidents were crucial to minimising disruption and further malicious activity.

Our assessment of providers’ responses depended on the information included in the initial notification. In most cases where the provider voluntarily disclosed the information outlined above, we had confidence that the provider was taking appropriate action and we closed the matter. However, in some cases where the notification contained scant information, we sought more information and provided guidance to assist their response. Undoubtedly, comprehensive MCNs build our confidence in the maturity of providers’ governance and the effectiveness of their risk management frameworks.

What providers can do

• Awareness is the first step to preventing cyber security incidents. Providers should ensure that students and staff (including sessional staff) are appropriately trained on how to safeguard sensitive information and access to it.
• Providers must have appropriate policies to identify and address cyber security incidents, and ensure that such policies translate effectively into practice and are embedded in daily operations.
• Providers should be mindful of cyber security threats associated with learning management systems (LMS), particularly if their courses are delivered by a third-party provider.
• Should a cyber security incident occur, providers should take prompt action in accordance with their security and incident response plans, paying close attention to the wellbeing and safety of all affected parties. 

Resources

• Strategies to mitigate cyber security incidents