IT rules and regulations
Instructions for using IT equipment at Kristiania University College.
- Scope and publication
- Purpose
- User accounts
- Security
- External services
- Using IT equipment
- Saving, backup and storage of data (for employees)
- Saving, backup and storage (for students)
- Copyright-protected material and licences
- Protection of personal data
- Use of private IT equipment
- Access to information / disclosure of data
- Sanctions
1 Scope and publication
- These rules and regulations apply to all users of the college’s IT equipment and IT systems.
- IT equipment means computers, computer networks, software, data, storage media and the like made available by Kristiania University College.
- Users are obliged to familiarise themselves with the content of the regulations before starting to use the IT equipment and to keep informed of the prevailing regulations and any supplementary provisions to these rules.
- These rules and regulations are available to students at https://kristiania.no/the-service-center/, and on the intranet for employees.
- Contact details for the IT department can be found at https://kristiania.no/the-service-center/.
2 Purpose
- The purpose of these rules and regulations is to ensure that use of the college’s IT services is in compliance with Norwegian legislation and compatible with the college’s activities.
- These rules and regulations should contribute to data security and operational reliability, and thus support students and employees in their work.
3 User accounts
- Creating user accounts
New students and employees receive access to the college’s IT equipment by creating a user account with a username and password. In exceptional cases, groups of people can be assigned a shared user account. - Terminating user accounts
Employees’ user accounts are deleted after their last working day unless otherwise agreed with HR. Students’ user accounts are deactivated after they have completed their studies, unless otherwise agreed with the programme administration. - Passwords
Passwords are personal and should not be shared with others. When users are told to change their password, they should choose a password that cannot be easily cracked by others (for example, do not use names, date of birth, make of car, etc.). If there is suspicion that third parties have gained knowledge of the password, the password should be changed immediately. - Unauthorised use
Users are obliged to prevent unauthorised persons from accessing their user account. If users discover that there has been unauthorised access or attempted access, or there is suspicion that third parties have gained knowledge of the password, this should be reported immediately to the IT department. - Users are responsible for all actions performed from their user account.
4 Security
- Access
Users must not use the college’s IT systems to gain or attempt to gain access to systems or information to which they are not supposed to have access. This also applies in the context of teaching or research. - Logging out
Due to the risk of misuse, users must prevent unauthorised access to information by logging out or using a password-protected screensaver when they are away from their computer. - Malicious software
Users must ensure that software installed on their computer is not harmful to the computer or IT systems (i.e. that it is free from viruses, malware, etc.). In general, software that is installed should be approved by the IT department. - User guides and procedures
Users are obliged to familiarise themselves with user guides, procedures or equivalent in such a way that they reduce the possibility of ignorance creating a risk of vulnerabilities, operational stoppages or loss of data. - Users must exercise caution when opening unknown files, e-mail attachments, files from unknown memory sticks, and the like. This is to prevent the equipment from being infected with malware such as viruses, spyware and Trojans. If such an event does occur, the IT department must be notified as soon as possible.
- The IT department may at any time block all services that could entail a security risk.
5 External services
- The use of services (for example on the Internet) that could damage or prevent the normal operation of the college’s IT systems is prohibited.
6 Using IT equipment
- Users should not generally use the IT equipment for activities that are not directly related to the college’s activities.
- Users must ensure that the college’s IT systems are not used for activities that violate Norwegian law.
- Disconnecting or moving the college’s IT equipment without prior agreement from the IT department is prohibited. This does not apply to laptops that are used by employees.
7 Saving, backup and storage of data (for employees)
- Employees must ensure that work-related information is available to the employer, and, as a rule, other employees.
- Work-related information must be saved on solutions that are made available by the college.
- Data belonging to the college must be saved in such a way that it is backed up. Data saved locally is not backed up.
- Users are personally responsible for having sufficient backup copies of data that is stored locally on the device.
8 Saving, backup and storage (for students)
- Students are personally responsible for their data. However, data in the learning portal and in other systems made available by the college is safeguarded in the same way as the college’s other data.
- Users are personally responsible for having sufficient backup copies of data that is stored locally on the device.
9 E-mail (for employees)
- All employees must follow the college’s e-mail policy.
10 Copyright-protected material and licences
- Use or sharing of intellectual property must only be done in accordance with the Norwegian Copyright Act.
- Downloading and/or sharing copyright-protected material without authorisation from the copyright holder is not permitted.
- Copying software or other copyrighted/licensed data (such as fonts, images or the like) from the college’s IT equipment is prohibited.
- Software made available by the college must only be used in accordance with the licence agreement. Many of the programs for which the college has licences are only permitted to be used in teaching, and must therefore not be used for private or business activities. The IT department can clarify licence terms as needed.
11 Protection of personal data
- Use of personal data must be in accordance with the Norwegian Personal Data Act. The college’s data protection officer can provide guidance in relation to the protection of personal data.
- Personal data must only be registered by agreement with the IT department. This applies regardless of purpose (research, studies, etc.).
- Storage media (such as CDs, DVDs, memory sticks, external hard drives, paper documents, etc.) containing personal data and/or confidential information should be handled and stored in a manner that ensures that such information does not fall into the hands of third parties. Printouts containing personal data and/or confidential information that are no longer needed by the employee must be shredded. Obligations under this provision supplement non-disclosure agreements, for those bound by them.
12 Use of private IT equipment
- Use of private IT equipment on the college’s network must be via wireless network access.
- Connection to the college’s network is at your own risk. The college takes no responsibility for any equipment that is damaged, stolen or otherwise destroyed in connection with use on the college’s network or on the college’s premises.
- Users are required to have up-to-date anti-virus software and to ensure that their system has all security updates installed.
13 Access to information / disclosure of data
- Kristiania University College shall not disclose information about users or data belonging to a user in contravention of Norwegian law or internal regulations at Kristiania University College.
- The IT department is entitled to seek access to each individual user’s reserved areas with a view to 1) securing the system’s functionality, or 2) checking that the user is not violating and has not violated the provisions of these rules and regulations. It is a requirement that such access only be applied for when it is of great operational importance or it is the college’s responsibility, and only if there are particular grounds for suspicion. Permission for access to e-mail must be applied for separately.
- If the IT department requires such access, permission must be obtained in advance from the HR Director (for employees) or the Director of Academic Affairs (for students), unless there are particularly serious reasons for immediate intervention. Such serious reasons must be documented after the intervention.
- If the use of a computer, mobile phone or other end-user equipment is monitored by the IT department for reasons of operational reliability or other considerations, this shall be indicated with a label on the device or similar.
- The IT department has a duty of confidentiality with regard to information they acquire about the user or the user’s business, with the exception of matters that represent a violation of these rules and regulations.
14 Sanctions
- In the event of a breach, or suspicion of breach, of these provisions, the IT department may without further notice revoke user rights for up to five days.
- The HR Director (for employees) and the Director of Academic Affairs (for students) can permanently revoke user rights.
- In addition, sanctions may be applied pursuant to other provisions at the college, or according to Norwegian law.
Adopted by college management 26 June 2018