System Access Rules

SYSTEM ACCESS RULES FOR CONCRETE GREY CARD TRAINING PARTNERS

 

The TfNSW Concrete Grey Card Training Program provides digital training records for workers in NSW performing works and services in relation to bridges and structures and rigid pavements.  The Grey Card System is operated by Metro Trains Australia Pty Ltd trading as More Than Assurance (MTA).

These Rules set out terms and conditions that apply to use of the Grey Card System by training partners delivering the TfNSW Concrete Grey Card training (Grey Card Training Partner):

Grey Card Training Partners are granted access to the Grey Card System for the purpose of accessing or uploading information for the TfNSW Concrete Grey Card Training Program (the Permitted Purpose).

Grey Card Training Partners must comply with these Rules, including to protect information stored on the Grey Card System (GCH Information).  Grey Card Training Partners will be responsible for ensuring that each user who accesses the Grey Card System on their behalf complies with these Rules.  Without limitation Grey Card Training Partners must:

(a)    Implement practices, procedures and systems to ensure that their authorised users comply with these Rules (including by revoking access to the Grey Card System in the event of a breach);

(b)   Regularly monitor and assess privacy and security measures in place regarding access to and use of the Grey Card System by their authorised users; and

(c)    On at least an annual basis, audit compliance with these Rules by their authorised users.

All actions taken by users of the Grey Card System are logged and will be subject to audit to ensure compliance with these Rules and other terms and conditions that apply to the TfNSW Concrete Grey Card Training Program.  In addition, Grey Card Training Partners who upload Statements of Attainment, Certificates of Achievement, Certificates of Completion or other evidence that a training competency or qualification has been obtained (Training Records) to the Grey Card System are subject to audit by MTA and the Concrete Grey Card Service Desk for quality assurance.

By accessing, logging on to or using the Grey Card System you agree to be bound by the terms set out below. If you do not agree to these terms, please log out of the Grey Card System immediately.

You must:

Security of the Grey Card System

  1. Keep your user login and password confidential and not share your user login or password with any other person (you will be responsible for any action on the Grey Card System using your login);

  2. Not use the user login and password of another user;

  3. Ensure your user profile includes your full name and a specific email address for reporting purposes, rather than a generic name or email address (e.g. Employer Admin1);

  4. Ensure the physical security of the devices you use to access the Grey Card System at all times, especially if you are using a laptop or other portable device;

  5. If any device you use to access the Grey Card System is affected by any network or security concerns, including suspected virus activity or any network security bypass, disconnect that device from the Grey Card System until the issue is resolved;

Confidentiality and use of GCH Information

  1. Use appropriate technical and organisational measures to protect GCH Information against misuse, interference and loss and against unauthorised access, use, modification or disclosure;

  2. Keep all GCH Information confidential at all times and not use GCH Information for any other purpose other than the Permitted Purpose or as required by any laws or regulations;

  3. Not copy, remove, store, use, or disclose GCH Information outside the Grey Card System, except for the Permitted Purpose or as required by any laws or regulations;

Information Quality

  1. Take reasonable steps to ensure that any information you enter or upload to the Grey Card System is accurate, complete, up-to-date, relevant and is not false or misleading;

  2. Not intentionally or recklessly enter or upload new GCH Information that is, or alter or delete existing GCH Information so that it becomes, inaccurate, incomplete, out-of-date, irrelevant, false, or misleading;

  3. Promptly notify the Concrete Grey Card Service Desk if you become aware that any information in the Grey Card System is inaccurate, incomplete, out-of-date, irrelevant, false or misleading;

Compliance management

  1. Promptly notify the Concrete Grey Card Service Desk of any breach or suspected breach of these terms or if you become aware of or suspect any data breach or unauthorised disclosure or access in respect of any GCH Information and provide all reasonable information, updates and assistance to assist the Concrete Grey Card Service Desk and MTA in respect of investigating, assessing, reporting and remediating the incident;

  2. Comply with any additional instruction or direction given by MTA in relation to your access to or use of the Grey Card System, including to ensure that action items arising from audits conducted by MTA or Concrete Grey Card Service Desk are completed and closed by the due date;

  3. Indemnify MTA for any costs and expenses incurred by MTA in investigating and remedying any breach of these terms (including costs and expenses incurred by MTA in the restoration of any affected GCH Information, which for the avoidance of doubt, would include any GCH Information that has been deleted, misrepresented or falsified);

Rules Review and Amendment

  1. MTA and Transport for NSW (TfNSW) may review these terms and in the event that any changes to these terms are proposed by MTA and TfNSW, then MTA will notify all Grey Card Training Partners 30 days prior to the change taking effect.

Declaration

I agree to these terms as a condition of my participation in the TfNSW Concrete Grey Card Training Program.  I understand that MTA or TfNSW may suspend, block or revoke my access to the Grey Card System if I fail to comply with these terms.