Rules for the use of University of Helsinki information systems and networks | |
|
Approved by the Rector's decision on 15 December 1998 (180/98). Effective as of 1 January 1999.
|
|
I INTRODUCTION | |
1. |
The University of Helsinki aims to provide the University community with appropriate opportunities
for the use of information systems and networks. In order to provide appropriate working
conditions, it is of utmost importance to observe the following rules and conditions, which
define the rights and responsibilities of both users and providers of information technology facilities.
|
2. |
These rules shall apply to the use of all information systems and networks in the possession of,
or connected to the networks of, the University of Helsinki.
|
3. |
The units in possession of the above-mentioned information systems and networks shall hereafter
be referred to as the IT facility provider. In practice, the operation of the information systems and
networks is the responsibility of designated system administrators.
|
4. |
Similar guidelines for acceptable use, including ethical considerations, are observed in a number of
other communities of which the University's information systems are a part or to which the
University's information systems are linked. These communities include, e.g., FUNET
(Finnish University and Research Network), Nordunet and the Internet Society.
|
5. |
These rules are based on the following general principles:
all users must have the opportunity to appropriately use the IT facility;
other users may not be disturbed;
privacy must be respected.
|
6. |
The IT facility provider may complement these rules by issuing instructions concerning the
use of individual equipment, software and networks. The IT Department of the Administration
Office may issue instructions concerning the whole University.
|
II RESPONSIBILITIES OF IT FACILITY PROVIDERS | |
1. |
The IT facility provider is responsible for maintaining appropriate working conditions. For
this purpose, the IT facility provider will identify system administrators. A list of the system
administrators must be available to the users.
|
2. |
The IT facility provider must take adequate care to oversee user administration and the monitoring of usage logs.
|
3. |
The IT facility provider is responsible for making the terms of usage of the systems, as well
as relevant instructions, available to the users. These instructions must also be available in printed form.
|
4. |
The IT facility provider is responsible for informing the users of changes made in the systems and,
when necessary, for providing adequate supervision.
|
5. |
System administrators are expected to respect the privacy and confidentiality of information that they may become privy to in the course of their work.
|
III RIGHTS OF IT FACILITY PROVIDERS | |
1. |
In order to carry out their duties, system administrators are entitled to restrict and regulate the use of information systems.
|
2. |
System administrators have the right to access user files and examine network traffic without
the user's permission only and exclusively in cases where the disturbance in the system cannot
be otherwise solved or there is due reason to suspect criminal activity or other serious misuse
of the system. The system administrators may examine only such files or network connections,
or their parts, that are suspected of affecting the operation of the systems or are suspected of
being relevant to the misuse of the system.
The above-mentioned procedures must be recorded and reported to the parties concerned, or in cases of misuse, reported to the IT Security Manager.
|
3. |
The IT facility provider has the right to limit the methods of communication used through the
University's information systems and networks. These media are expected to be in conformity
with technical standards and other established practices of the international network community.
If these conditions are not fulfilled, the communication may be restricted, as long as the content
of the messages is not interfered with.
|
IV RESPONSIBILITIES OF IT FACILITY USERS | |
1. |
These rules shall apply to systems requiring user authorisation; in part, these rules also apply to non-authorised systems.
|
2. |
In using the systems, users are expected to recognise their responsibility in the maintenance of
appropriate working conditions and to show consideration for other users. Users are expected
to take the necessary precautions concerning IT security, in conformity with the University's IT Security Policy.
|
3. |
User IDs are personal, and each and every user should use only his or her own username and
identification. Exceptions to this rule are cases where use of an alias or nickname is allowed,
as well as course and group IDs issued for a specified purpose. The holder of the ID is responsible
for its appropriate use. The IDs, passwords and PIN codes related to user rights must be handled
with care in order to avoid misuse.
|
4. |
Instructions given by the system administrators must be observed.
|
V RIGHTS OF IT FACILITY USERS | |
1. |
Authorised users have the right to use the computer equipment, software and network for legitimate
academic purposes, and, to a lesser extent, for personal, non-commercial purposes, as stipulated by
the conditions of the authorisation.
|
2. |
Users may make suggestions to the IT facility provider for the improvement of computing services.
|
3. |
A user may make a specific complaint to the head of the relevant unit or to the Director of the
IT Department concerning actions taken by the IT facility provider against the user.
|
VI RESTRICTIONS OF USE | |
1. |
The use of the University information systems and networks, and the use of any communication
media through the information systems and networks, such as electronic mail, must primarily be
relevant to research, teaching, studies, administration or other activities of the University. Use of
the IT facility for other purposes is possible only by explicit authorisation of the IT facility provider
and must comply with other restrictions of use.
|
2. |
It is forbidden to interfere with other users. Both direct disturbance and indirect disturbance
(such as wasting the resources of the information systems and networks) are forbidden.
|
3. |
It is forbidden to use or attempt to use systems requiring authorisation without one's
personal ID. Attempting to access a system by using a false ID, or exceeding or
attempting to exceed one's privileges is also forbidden.
|
4. |
It is strictly forbidden to disclose IDs, passwords and PIN
codes relevant to user rights.
|
5. |
It is forbidden to evade or attempt to evade quotas and other
restrictions of use.
|
6. |
It is forbidden to modify or attempt to modify the equipment and software without permission.
This also applies to single-user systems.
|
7. |
It is forbidden to search for and make use of known or undiscovered flaws in IT
security without special authorisation by the IT facility provider.
|
8. |
It is forbidden to use the University information systems and networks for attacking
or for attempting to attack other systems.
|
9. |
Activities generally regarded as unacceptable by the international network community,
including inappropriate group mail, chain letters and transferring of viruses, are forbidden.
|
10. |
Unauthorised copying, possession and dissemination of software or data is forbidden.
|
VII MISUSE AND ITS CONSEQUENCES | |
1. |
Misuse of the information systems and networks includes all activities that
interfere with the legitimate use of the system
cause disturbance in the network to which the user's system is connected, or in another system of the network
violate the present rules
exploit parts or features of the system that are explicitly forbidden in the present rules
are forbidden by the IT facility provider.
|
2. |
In cases of misuse of the University's information systems and networks, the University's own
audit and restriction procedures shall be applied.
|
3. |
In suspected cases of misuse, the system administrators have the right to prevent or restrict
access to the system pending the investigation, if deemed necessary. The user must be
contacted without delay so that the investigation can be resolved in a timely manner.
|
4. |
Misuse by University employees shall be dealt with in accordance with the relevant
legislation on civil servants and the Contracts of Employment Act and their provisions
with respect to the consequences of disregarding instructions issued by the employer.
Misuse by other users shall be dealt with as stipulated by the Universities Act.
|
5. |
In cases of misuse, the user's right to access the system may be temporarily suspended.
Suspension of access for students may be ordered by a head of unit in the IT Department
or the Director of the IT Department.
|
6. |
In minor cases of misuse, a system administrator, head of unit or the Director of the IT Department
may issue the user a warning.
|
7. |
Especially in serious cases of misuse, when the misuse has caused damage to the University or to
outside parties, the University may refer the matter to the authorities for investigation.
|
8. |
Users should bear in mind that the use of information technology is regulated by legislation
(Personal Data File Act, criminal code, Copyright Law) and that they may be held liable for damages.
|
Updated by Pekka.Niklander