S.E.C.U.R.E. Framework

Standard 2.3: Wellbeing and Safety

Standard 2.3 requires providers to support student wellbeing and safety by providing access to support services, promoting safe environments, and protecting students from harm. It includes attention to mental health, disability needs, and cultural safety.

The S.E.C.U.R.E. framework aligns with this standard by requiring that GenAI use avoids harm to individuals or groups. Its ethical use category prompts staff to consider whether their intended use may be discriminatory, culturally unsafe, or harmful—particularly in relation to vulnerable populations or First Nations cultural knowledge. This ensures that GenAI is not used in ways that compromise personal safety, wellbeing or dignity. Although primarily a staff-facing tool, its principles promote a safe institutional environment by discouraging inappropriate or harmful applications of emerging technologies in education. This aligns with the provider’s obligation under Standard 2.3 to create and maintain safe and supportive conditions for all members of the academic community.

Standard 5.2: Academic and Research Integrity

Standard 5.2 of the Higher Education Standards Framework requires institutions to maintain and promote academic and research integrity through robust policies, preventative measures, and education. Providers must take active steps to mitigate foreseeable risks such as plagiarism, data misuse and misrepresentation, while also addressing breaches and promoting good practice. The standard emphasises both institutional accountability and staff and student capability, requiring that guidance and support be in place to uphold integrity across teaching, research, and partnerships.

The S.E.C.U.R.E. framework aligns with this standard by embedding safeguards against the improper use of GenAI in academic and professional contexts. It requires staff to actively consider whether their use of GenAI may involve ethical risks, misuse of intellectual property, or unauthorised handling of data. Where risks are identified, the framework mandates mitigation or escalation, ensuring that staff do not proceed without proper oversight. This reinforces the principle that academic integrity is not just an individual obligation but a shared institutional responsibility. By prompting users to assess use cases against criteria such as ethical impact, data sensitivity, and copyright compliance, S.E.C.U.R.E. acts as a first-line defence against the types of integrity breaches identified in Standard 5.2.

Importantly, the framework supports capability building without requiring staff to be AI or legal experts. It provides accessible guidance and consistent decision-making pathways, making responsible GenAI use achievable across the organisation. S.E.C.U.R.E. also encourages reflective practice by requiring staff to document decisions and justify use when risks are present. In doing so, it fosters a culture where academic and research integrity are actively upheld in emerging technological contexts, consistent with the expectations of the Higher Education Standards Framework.

Standard 5.3: Monitoring, Review and Improvement

Standard 5.3 requires providers to conduct regular monitoring and review of courses, teaching, and student outcomes. It includes the use of data, benchmarking, and feedback to identify risks and inform continuous improvement. The standard also expects institutions to use findings from reviews to enhance quality and reduce the likelihood of compliance failures.

The S.E.C.U.R.E. framework supports this standard by embedding an evaluative mindset into everyday decision-making around GenAI. It prompts staff to pause, assess risks, and reflect on the appropriateness of their intended use. Where issues are identified, users are required to mitigate them or escalate for approval. This process inherently generates records of decisions that can be used for institutional monitoring and review. Over time, this supports the identification of emerging risk patterns or training needs and enables more consistent application of policy. Although it is not a formal audit mechanism, the framework contributes to an evidence base that can be incorporated into broader institutional quality assurance and continuous improvement processes, consistent with the intent of Standard 5.3.

Standard 6.1: Corporate Governance

Standard 6.1 requires providers to maintain a formally constituted governing body with responsibility for ensuring compliance with the Higher Education Standards Framework and overseeing the award of qualifications. The governing body must ensure that policies and procedures are in place to maintain quality, protect institutional integrity, and mitigate risks across all operations, including through the delegation of authority, periodic review, and informed decision-making.

The S.E.C.U.R.E. framework aligns with this standard by operationalising governance responsibilities relating to GenAI use. Rather than relying on ad hoc individual discretion, it provides a structured mechanism for identifying, managing, and escalating risk in accordance with university policy. It supports a clear chain of responsibility by defining when staff must seek approval and by whom. This ensures that decisions about AI use reflect the institution’s governance frameworks and risk tolerances, not just individual judgments. The framework helps institutions demonstrate compliance by linking the day-to-day use of GenAI to overarching governance obligations, including those related to data security, ethics, and reputational protection. It also supports ongoing review by promoting documentation and transparency of decisions—key components of responsible oversight in line with Standard 6.1.

Standard 6.2: Corporate Monitoring and Accountability

Standard 6.2 requires that providers demonstrate effective, sustainable operations, including the ability to identify and mitigate risks and ensure quality through appropriate controls. Institutions must maintain compliance, monitor performance, manage critical incidents, and take corrective action where required.

The S.E.C.U.R.E. framework contributes to this standard by enabling institutions to manage GenAI-related risks at scale through a standardised, accountable process. It ensures that staff interactions with GenAI fall within institutional risk tolerances and that risky use cases are escalated before harm occurs. This enables proactive management of emerging issues, consistent with institutional risk appetites and compliance responsibilities. By generating records of decision-making and supporting staff in identifying when risks must be escalated, the framework helps institutions track usage patterns and intervene where practices may present institutional vulnerabilities. These features collectively support transparent, auditable and responsive institutional accountability aligned with Standard 6.2.

Standard 7.3: Information Management

Standard 7.3 requires providers to maintain secure, accurate and confidential information systems that support compliance, protect privacy, and prevent unauthorised access or disclosure. Records must be authentic, auditable, and maintained in line with legal and ethical obligations, including academic and research integrity.

The S.E.C.U.R.E. framework aligns with this standard by ensuring that GenAI use does not compromise the integrity or security of institutional data. It explicitly prohibits entering sensitive or identifiable information into third-party systems without appropriate safeguards. Categories such as ‘Security Credentials’, ‘Confidential Information’, and ‘Use of Personally Identifiable Information’ directly support compliance with institutional data governance rules. In doing so, the framework reinforces secure staff behaviours and prevents unauthorised disclosure of protected information. While not a records system itself, S.E.C.U.R.E. guides how data is handled in AI contexts, thereby supporting institutions in meeting the privacy, confidentiality and information management expectations outlined in Standard 7.3.