Rules of ICT Service Use at the University of Lapland
|
Version |
Date |
Modifications |
Author |
|
1.0 |
13.05.2016 |
Document created |
Esa Mätäsaho |
|
1.0 |
13.05.2016 |
Processed in the employee co-operation council |
|
|
1.0 |
16.05.2016 |
Approved by the Director of Administration |
|
|
1.01 |
12.02.2020 |
Deleted the section on the retention period of files and emails after expiry of access rights. |
Esa Mätäsaho |
|
1.02 |
1.11.2024 |
Suppliers responsibilities are taken into account |
Pekka Halmkrona |
|
|
|
|
|
|
|
|
|
|
Table of contents
1. Rules of ICT Service Use in brief
These binding rules concern all users. Including you.
These rules apply to the use of all of the University's ICT services, hardware, software and networks.
The University authorizes users to access its ICT services by granting user accounts or making services available.
Every user is personally responsible for all use of the services with his/her user account.
The provided ICT services are intended for work- and study-related use.
They may also be used for personal purposes within reason and in keeping with laws and good practices.
Other users' privacy and ownership of information must be respected at all times.
Use of the services for any commercial or propagandistic purposes is forbidden.
Unauthorized use is forbidden.
Use of services is monitored, and breach of these rules will be sanctioned.
2. Rules of ICT Service Use
The Rules of ICT Service Use bind and obligate all members of the university community, users of ICT services and systems, and all units of the University.
These rules apply to all of the University's ICT services and hardware and their use. They also apply to services made available or authorized by the University, for example the services offered by the member organizations of the Lapland University Consortium or the services of the CSC (IT Center for Science), including the services offered by the HAKA Identity Federation, the Funet Communication Network Services, etc.
2.1 Usage authorisation
Usage authorisation is granted by issuing a user account or making the service available.
Authorized users are allowed to use the university's ICT services. Compliance with the Rules of ICT Service Use is a prerequisite for authorization.
- The scope of usage authorization depends on the user's status and tasks (roles) at the University
- one person may have several roles
Usage authorisation is granted for a fixed term
The authorisation expires when
- the user’s study right at the University of Lapland ends
- the user’s employment relationship with the University of Lapland ends
- the granted fixed-term user account expires
Usage authorization can be restricted if there is justified reason to suspect that information security has been compromised or the services have been abused. The University will delete all files and mailbox contents when 180 days have passed since the expiry of the user account or usage authorization.
The user must remove all personal e-mails and files from the system before the expiry of his/her usage authorization. University staff members, as well as students who have worked in research teams or participated in other such activities, must transfer all work-related messages and files to the person specified with the supervisor.
All users must uninstall any software based on employee or student licenses from their home computers when their employment or study right ends.
2.2 User account
Users are authenticated in ICT Services with the user account. The user account is personal.
Every user is personally responsible for his/her user accounts
User accounts must be protected using strong passwords and complying with other instructions. If there is reason to believe that a password or other account details have been compromised, the password must be changed or the use of the compromised element must be prevented immediately.
- Never dispose or lend your username and password to other persons
- each user is responsible for all actions conducted using his/her account
- users are financially and legally liable for any damage or loss caused using their accounts, unless otherwise specified in the service contract of the supplier, in which case the supplier is liable for any harm or damage caused by an employee of the supplier in accordance with the sanction provisions of the service contract.
- the use of another person's account is forbidden, even upon the user's own request.
Group accounts can be granted upon request for special purposes
The use of group account can compromise the confidentiality of information. For example, in the case of using an administrator-level group account in order to use special software in a computer lab.
- The user who applies for a group account is responsible for the distribution of the account
- group accounts may only be used for the purpose specified in the application and granted permit
- every group account user is responsible for his/her actions conducted using the account.
2.3 Users' rights and responsibilities
The ICT services are intended for work- and study-related use
The University’s ICT services are intended to serve as tools in tasks related to studies, research, teaching or administration in the University of Lapland.
Small-scale private use is allowed
Small-scale private use refers to such actions as private e-mail conversations and online service use. However, private use must never
- disturb other use of the system
- breach the rules and instructions of ICT service use.
- propagandistic use is not allowed
- commercial use is only allowed in cases assigned by the University
- use for pre-election campaigns or other political activities is only allowed in conjunction with the University's elections and activities of the Student Union, student organizations or trade unions
- unnecessary consumption of resources is forbidden.
Laws must be observed
Material that is illegal or against common manners must not be published or distributed.
Everyone is entitled to privacy
The right to privacy, however, does not cover all work-related material that is in an employee's possession.
- All materials that are in students' possession are deemed to be private
- Staff members must clearly separate their private materials from work-related ones
-
- e.g. create a directory entitled "Private"
- this rule also applies to students working for the University.
Information security is everyone's responsibility
Any detected or suspected breaches or vulnerabilities in information security must be immediately reported to ICT Servicedesk: servicedesk@ulapland.fi.
- Personal passwords must never be disclosed to anyone
- everyone is obligated to maintain the secrecy of any confidential information that may come to one's knowledge
- abuse, copying and distributing other users' private information is forbidden.
As a precaution, the University is entitled to restrict or revoke the right to use its ICT services.
Setting up unauthorized services is forbidden
Only devices approved by the University may be connected to the ICT network. Only services authorized by the University may be produced using the university's ICT networks.
Bypassing information security mechanisms is forbidden
Usage rights must never be used for any illegal or forbidden activities, such as searching for vulnerabilities in information security, unauthorized decryption of data, copying or modifying network communications, or unauthorized access to ICT systems.
Parts and features of ICT systems that are not clearly made available for public use - such as system administration tools or functions prevented in system settings - must not be used.
Phishing for information and deceiving users is forbidden
Cheating and unauthorized acquisition of information is forbidden.
3. Other clauses
Validity
These Rules of ICT Service Use become effective 16 May 2016 and replace the earlier version of corresponding rules. After the date specified above, all new ICT services must be produced according to these rules.
Change management
These rules will be reviewed when needed to ensure that they comply with all valid services and laws. Any significant changes to these rules are addressed according to the co-operation procedure. The Chief Information Officer of the University of Lapland makes decisions concerning change needs.
Information about changes is distributed using the regular communication channels, never personally.
Exceptions from the Rules of Use
Permission for exceptions from the Rules of Use can be granted for compelling reasons upon a written application. Exceptional permits are granted by the Chief Information Officer of the University of Lapland. The permits may include additional terms and conditions, restrictions and responsibilities.
Monitoring
Compliance with the Rules of Use is overseen by the ICT Security Manager of the University of Lapland in cooperation with the ICT Services of the Service Centre of the Lapland University Consortium, as well as by supervisors within their job descriptions. Breaches of the rules lead to sanctions according to the applicable Legislation.
The Rules of Use are updated when necessary. The need for updates is monitored by the ICT Security Manager.
Further information
Rules and instructions concerning ICT services are available on the website of the University of Lapland.