IT regulations
Section 1.0 Area to which these regulations apply; organisation
Section 1.1
These regulations apply to all use of the university college's information technology equipment – ICT equipment. ICT equipment means machinery, end-user equipment (including devices such as mobile phones and pocket PCs), networks, software, data, etc, that are made available by the university college – including local, national and international networks, or other parties' systems that such resources provide access to. The regulations apply to employees, students and others who gain access to the ICT equipment, hereinafter called "users".
Section 1.2
The regulations and any supplementary provisions are to be available on the university college's website. The user of an ICT system undertakes to keep informed about the prevailing ICT regulations and any supplementary provisions supplementing these.
Section 1.3
At the university college, there will be one or more employees who are responsible for the university college's ICT equipment or for parts of this. In these regulations, such persons are called ICT managers.
Section 2 The purpose of NLA University College's ICT system
Section 2.1
The university college's ICT system is to be utilised to carry out tasks relating to research, education and dissemination, and for necessary operations and administration.
Section 2.2
All the provisions in these regulations are to be interpreted on the basis of this purpose.
Section 3 Loyal and responsible usage
Section 3.1
The system owner may require users to identify themselves by stating their name, own user identity and own password, or in some other way.
Section 3.2
Users are co-responsible for ICT systems being utilised in the best way possible. Users must ensure their usage causes as little inconvenience to others as possible and must not misuse common resources. Usage that is not directly linked to the university college's objectives, including advertising and commercial usage, is only permitted if this is authorised by the institution.
Section 3.3
It is the user's responsibility to ensure that the information which is created, stored or disseminated on the university college's ICT system does not contravene these regulations or other rules of law (for example to make defamatory statements or discriminatory statements, spread pornography or confidential information, invade the sanctity of private life or encourage or contribute to illegal acts). Apart from this, users must refrain from using ICT systems that expose the university college to a significant risk of a loss of reputation. A user is responsible for all the acts carried out from the user's account.
Section 3.4
Users are obliged to comply with the system owner's and/or ICT operations manager's instructions regarding the use of the system or services linked to the system.
Section 3.6
Users may not without authorisation change or modify an ICT system or in any other way cause an ICT system to work in a different way to that presumed.
Section 3.7
If the employment, study or user relationship is terminated, the user is responsible for copies of data, software, etc, that are owned/utilised by the institution being secured for the ICT operations manager. Other files, etc, that are stored under the user's name, user identity or suchlike must be deleted by the user him/herself. If this does not take place within a reasonable period and at the latest within three months, the ICT operations manager may investigate and delete such files, etc. The same applies in the case of a death, but in such case the next-of-kin must be notified and given an opportunity to take possession of a copy of the material before any deletion takes place. If the user has not used the system or services for a 12-month period, the institution may assume that the user relationship has been terminated, unless otherwise agreed.
Section 4 Data security
Section 4.1
Users undertake to implement the measures which are expedient to ensure that any loss of data, software or suchlike will have as few consequences as possible - by taking backup copies, storing media satisfactorily, following recommended routines for using the network, etc. The ICT operations manager must provide information on the institution's routines and measures to safeguard the users' data. Users are aware that no ICT system can be completely secure, and will assume this when choosing a security solution.
Section 4.2
Users may not make personal passwords or similar security elements known to others.
Section 4.3
Users must be aware that software or data may contain unwanted elements (viruses, etc).
Section 4.4
Users undertake to prevent unauthorised persons from gaining access to use the network, access to systems or access to rooms where equipment is available, and otherwise in other ways undertake to help prevent unauthorised persons from gaining access to the equipment.
Section 4.5
Users undertake to immediately report any circumstances that may be of importance to the ICT system's security or integrity to their immediate superior or the ICT operations manager.
Section 5 Respect for other users, personal data protection
Section 5.1
Users may not try to obtain unauthorised access to other parties' data, software, etc. The ICT equipment may not be used with another party's user account, even if the other party has given his/her consent to this. An exception to this applies to ICT personnel when this is necessary due to operational circumstances.
Section 5.2
Users undertake to become familiar with the laws, regulations and rules that apply to the use of ICT systems, especially regarding the processing of personal data. The ICT operations manager may provide guidance on user conduct.
Section 5.3
In order to comply with the purpose of the regulations, cf section 2, the ICT system contains such things as tracking (logging) and backup copying functions. Users are aware that any other usage, including private usage, may also lead to personal data being registered.
Section 6 Use of resources, rights, etc
Section 6.1
Users must make sure that the university college's ICT system is not used for activities that contravene Norwegian law or normal standards of decency. For example, data or information that is illegal or indecent may not be fetched to, stored on or transmitted from the system.
Section 6.2
Users must be careful about using the system for activities that are not directly linked to academic activities, administration or their own research or studies.
Section 6.3
Normally, there are rights are linked to both computer programs and data (both text and collections of information, such as databases) that make usage dependent on agreements with a rightsholder. Users undertake to respect other parties' rights. If the user is in doubt about whether a right (licence) for such usage exists, this matter must be raised with the ICT manager.
Section 6.4
Users are not permitted to install software on the university college's system without the consent of the ICT manager. This is in order to ensure that the necessary usage rights (licences) exist.
Section 6.5
A user who information available to others, for example via the World Wide Web (www), undertakes to investigate whether this information has rightsholders and, if relevant, to enter into an agreement with these. Such rightsholders may be authors, musicians, artists, photographers and others.
Section 6.6
When the university college makes software, data or anything else available, users undertake to respect the limitations on use that follow from the university college's agreements with rightsholders. The agreements will always be available from the person responsible for operating the network.
Section 6.7
Users may not copy computer programs using the university college's equipment apart from in the way which follows from agreements on a right of use (licensing agreements).
Section 7 Guidelines on the use of email, the web, etc
Section 7.1
The university college's email system has some address lists containing the names of many persons. These lists are only to be used to spread messages that are relevant for the university college's administrative or academic purposes. The lists may not be used to spread information of a private nature.
Section 7.2
Users must be very reserved about sending emails with attachments to address lists. If files are to be made available to many people, this must be done by sending an email enclosing a link to common data areas on a file server, instead of by attaching a file, using www or using any other method according to which everyone has access to the same copy of the file.
Section 7.3
It is not permitted to send emails from NLA University College's network to address lists or other mass-distribution mechanisms at other institutions without the consent of the recipient institution.
Section 7.4
Notifications of a social nature, invitations to social gatherings, parties, events, etc, may be sent to address lists whose recipient group is relevant for the event in question.
Section 7.5
It is not permitted to use the university college's email system to force sales and marketing materials on other parties.
Section 8 Service quality, liability for damages
Section 8.1
Users are themselves responsible for the use of information, software, etc, made available through the system. The university college accepts no responsibility for any financial loss resulting from errors or defects in software, data, the use of information from available databases or other information obtained via the network, etc.
Section 9 (The ICT manager's) right to seek access to reserved areas
Section 9.1
The ICT manager is entitled to search the individual user's reserved areas in the system with the aim of
- safeguarding the system's functionality, or
- checking that the user is not infringing or has not infringed the provisions of these regulations.
Section 9.2
If the use of a workstation, terminal or other end-user equipment is monitored by operations personnel for operational or other reasons, this is to be made clear by a sticker on the device or in some other expedient manner.
Section 9.3
The ICT manager is subject to a duty of confidentiality regarding information about the user or the user's activities that the ICT manager obtains in this way, with the exception of factors that may represent a breach of these regulations, which may be reported to a superior.
Section 10 Use of private equipment on the university college's network
Section 10.1
When a user's own computer equipment is to be connected by cable to the university college's network, this is to be done via data points (sockets) that are intended for such connections and are marked as being suitable for such.
It is not permitted to disconnect the university college's own computer equipment and replace this with private equipment. This also applies if the university college equipment in question is defective or not in use.
Section 10.2
When a user's own equipment is being connected to the university college computer network, the internet addresses provided by the ICT manager must be used.
Section 10.3
It is not permitted to set up permanent services (servers) on the university college's network.
Section 10.4
Connecting to the university college network takes place on the user's own responsibility. The university college does not accept any responsibility for equipment that is damaged, stolen or in any other way destroyed in connection with usage in relation to the university college network or on the university college premises.
Section 11[AS6] Sanctions
Section 11.1
In the case of any breach, or suspected breach, of these provisions, user rights may be withdrawn for a period or permanently. A decision on this is made by the rector. In addition, sanctions may be enforced pursuant to other provisions determined by the university college or by Norwegian law.
Determined by the rector on 8 June 2010, applicable until new regulations are adopted by the Norwegian Association of Higher Education Institutions.