1. Scope of regulations
1.1 These regulations apply to the use of IT services at the University of Agder. “IT services” include UiA computers and IT systems, end-user equipment, networks, programs, data etc. that is put at the disposal of employees and students by the University of Agder. Local, national and international networks, or other computers and systems that may be accessed through these resources, are also included.
The regulations apply to employees, students and all others who are given access to IT services, hereafter termed ‘users’.
1.2 Regulations are to be clearly visible in relevant locations as for instance terminal rooms and must also be available electronically. Copies of the regulations are available at the Division of IT. When registering for the first time, users should be informed about or given a copy of the regulations.
1.3 All users have a duty to keep themselves informed about the most recent version of the regulations.
1.4 Changes in the regulations must be adopted by the University Board. The University Director has the authority to adopt minor changes to the regulations. In such cases the University Board should be fully informed about the Director’s decision.
2. Loyal use of IT resources
2.1 When a service requires user identification, the person in question has to authenticate his/her identity by way of user name, password or in another regular manner.
2.2 Users have a duty to comply with operating staff’s instructions concerning the use of IT services. Users also have a duty to familiarize themselves with available manuals in order to minimize the risk of operational disruptions or loss of data due to ignorance.
2.3 When the user’s formal connection with the university is at an end, he/she is responsible for ensuring that copies of data, programs etc. that belong to the university are not deleted, but turned over to the Division of IT centrally or to a local IT officer. Private files/data should be deleted by the user within a period of three months. If this is not done, the material may be deleted by the IT department. In cases of death, the inheritors can take over the material by agreement.
3. Security
3.1 No user must take actions that result in operational disruptions in any part of the system or in any other way may cause inconveniences for other users.
3.2 Users who make use of other storage devices than those allocated by the Division of IT are themselves responsible for securing these devices against data loss. Such devices include local hard disk, external hard disk, USB drives etc.
3.3 It is the duty of the user to keep the password and other security elements secure and confidential.
3.4 If a user discovers that his/her password can be identified by using computerized control routines, the user must change password as soon as possible.
3.5 A user must, as far as possible, prevent unauthorised persons from gaining access to the net and IT services or to rooms where IT equipment is available. User name and password must never be shared with others.
3.6 It is the duty of the user to be aware that programs or data may contain unwanted elements (“virus”) and make sure that the advice issued by the Division of IT concerning such elements is being followed.
3.7 It is the duty of the user to report matters that may be of significance to the security of the Division of IT or the integrity of the supervisor, to the local IT officer or the Division of IT.
4. Respect for other users and privacy protection
4.1 A user must not seek to achieve unauthorised access to the data, programs etc. of other users, or attempt to gain knowledge of other users’ password/security details.
4.2 Users must be familiar with regulations that concern personal information. Computer-based files which contain information about individuals or about companies or organisations (juristic persons and corporate bodies) will normally only be created after getting permission from The Norwegian Data Protection Authority. If a user should wish to register information about persons, the user in question needs to ascertain that permission to do so has been granted by the authority of the Personal Data Act or regulations pursuant to this act or according to the concession given to the University of Agder. If the register will not be permitted pursuant to these regulations, the user has a duty to apply for the required permission. The operations manager will be able to give advice to users on how to obtain the necessary permissions.
4.3 A duty of secrecy applies to any personal information concerning other people that users may come across through their IT activities.
5. Proper use and resource awareness
5.1 Users are jointly responsible for ensuring that the university’s IT resources are used in the best possible manner. The term ‘resources’ here refers to time and capacity for both computers and networks as well as the capacity of the personnel involved in the various activities of the IT services.
5.2 A user should as far as possible refrain from using IT resources for other purposes than those directly linked to academic work, administration, own research, studies or organisational activities for university associations or unions.
5.3 Users must not use IT resources for issuing defamatory or discriminatory statements, spreading pornography or confidential information, intruding on the privacy of others or encouraging or contributing to illegal or non-sanctioned activities.
6. Rights
6.1 Normally there are rights attached to both computer programs and to data (texts as well as collections of information such as databases) that make the use of such data or programs conditional on agreement with the person holding the rights. Users have a duty to respect the rights of other persons. This applies to the use of musical works and other information that is subject to copyright, both on the internet and in other electronic information systems.
6.2 When the university makes software, data or other material available, users have a duty to respect such limitations on use as follows from the agreement. The agreement will be available from the local IT officer or the Division of IT.
6.3 Users are not entitled to copy programs by means of the university’s equipment beyond what is laid down in license agreements. It is under no circumstance permitted to copy licensed software beyond what is laid down in the Select Agreement (Microsoft products) or in similar agreements.
7. Quality of services and liability for damages
7.1 Users are themselves responsible for the use of information, programs etc. made available through the IT services. The university does not accept any responsibility for financial loss as a result of errors or defects in programs, data, and the use of information from available databases or other information obtained from the internet etc.
8. The University and the IT Division’s right of access
8.1 The university/the Division of IT has a right to apply for access to the individual user’s reserved areas in the system when the intention is to (i) ensure the functionality of the system, or (ii) to check if the user is acting in a manner contrary to provisions of these regulations or has done so in the past. Access to a user’s reserved areas is granted only when there are substantial reasons for suspicion and when the user’s action may have significant impact on IT operations or the liability of the university. The Division of IT must not access a user’s reserved areas without permission from the University Director.
8.2 It is assumed that the IT Division’s checks to ensure stability of operations and to prevent unauthorised access to data takes place within the framework set out by laws and regulations. Checks that may be seen as directed against individuals should be logged and a report on such checks sent to the University Director.
8.3 Where the use of a workstation, terminal or other end-user equipment is subject to surveillance by the Division of IT for reasons of operations security or for other reasons, this is to be made known by the placing of a mark on the unit or in any appropriate manner.
8.4 IT division personnel have a duty of secrecy with respect to any information about users or user activity obtained in the manner described above. However, any matter that may constitute a breach of these regulations can be reported to a higher authority.
9. Sanctions
9.1 In cases where users fail to comply with these regulations, the Head of the Division of IT or his/her deputy may deprive students of their accounts with immediate effect and withdraw the right to use the university’s IT services for a period of up to one week. Similar sanctions against staff must be decided by the University Director or his/her deputy. The case must without delay be reported to a senior manager, i.e. at department or office level in case of employees or to the Director of Academic Affairs when students are involved.
9.2 In cases of repeated or serious breaches of these regulations a decision may be made to withdraw user rights to the university’s IT services for an extended period of time. Such decisions must be made by the University Director in cases concerning staff and by the Director of Studies if students are involved. The University Director and the Director of Studies are also responsible for assessing whether further sanctions should be applied. Decisions concerning access to IT services may be appealed pursuant to the regulations of the Public Administration Act.
9.3 The University Board is the appellate authority in cases concerning employees and students.
Adoption of IT regulations
Adopted by the Board of Agder University College 5 February 1997 and amended 18 June 1997 (Board Matters 113/97). Terminology revised in connection with transition to university status 2007. Language revision 9 September 2011. Minor change 9 April 2014.
This is an English translation of the IT regulations in Norwegian. The Norwegian version is formally adopted.