Use of IT Services
Introduction
Örebro University is a government authority with a mandate to provide education and research, and to engage in collaboration with the wider community. The university strives for transparency within the organisation and its various activities, which requires systems to be universally accessible. Accessing public information should be straightforward and without significant identification requirements.
An important prerequisite for legally secure and efficient operations is a smooth and secure IT environment. Disruptions in the IT environment can have severe adverse effects on the operations, not least because several IT systems are often integrated and interdependent.
This document sets out the university’s guidelines on the use of IT services, with the purpose of facilitating satisfactory IT security at Örebro University.
In this document, the term ‘IT services’ denotes the university-wide functions that are (1) used in connection with the management of digital information and (2) have multiple users. These IT services have designated administrators and are managed centrally. Examples of these IT services are digital storage space, document management systems, finance systems, computer labs, printing systems, communication systems, and planning tools.
Authorised users
Those authorised to use the university’s IT services are university employees, students and persons authorised by management. External partners, who via cooperation agreements or similar are associated with Örebro University and its operations, are also authorised to use the university’s IT services.
Access rights are personal, and the passwords issued in connection with authorisation may not be disclosed to anyone else. Access rights are temporary and will expire should the association with the university cease or the account not be used for a period of twelve months. Exceptions may be decided upon by the head/manager in question.
Use of IT services
The following rules define what is considered as acceptable use.
Örebro University IT services are managed by Örebro University and are intended to be used in and for the university’s operations. Use must be in compliance with the rules that apply to the IT service in question. Services may not be used in such a manner that it damages or affects Örebro University’s name, reputation or good standing.
Users who, while using Örebro University’s IT services, detect errors or other disturbances in Örebro University’s IT services that may have an impact on the IT services, are to report this immediately to IT Support.
When using IT services, concealing one’s user identity or using someone else’s user identity are not permitted.
Contingent liability agreement
To gain access to IT services, a contingent liability agreement must be signed. This is done when the user receives their login credentials and whenever any changes are made to policies or guidelines.
ORU account
All authorised users that are to access the university’s IT services have one or more unique username(s) and password(s). These login credentials are personal and may not be used by anyone else. To ensure that no unauthorised users access one’s login, users must:
- regard and treat the login details as a document of value and therefore store them in a safe place,
- select a password that complies with existing guidelines, meaning, among other things, that it must be sufficiently strong and that it is not to be used in any other external IT systems or IT services, only those used within the university, and
- ensure that computers and other devices logged onto the IT services in question must be protected against unauthorised use by being locked when left unattended.
In the event of leave or other absence longer than three months, accounts are to be deactivated. Management is to notify IT Services of any such changes among staff.
When the user no longer has a relation to the university, the access rights are removed, and the account is inactivated. Personal data related to the account are kept as records for two years and is then deleted.
Internet
The internet is intended for information retrieval and other purposes of relevance within and for Örebro University’s operations.
It is prohibited to:
- visit websites that conflict with Örebro University’s or SUNET’s policies,
Örebro University's Information Security Policy (in Swedish),
SUNET's policy for approved use and ethical rules (in Swedish). - have, distribute or store illegal material or material that is in conflict with the university’s rules, e.g. pirated software, games or films.
Control and monitoring of IT systems
IT resources are monitored and events on computer networks and in other IT services are logged. These logs are saved and archived in accordance with the regulations in force on weeding and archiving and may, if necessary, be used as evidence of a possible breach of guidelines.
Sanctions for breaching guidelines
Upon a breach of these guidelines, the user risks being partially or completely suspended from using Örebro University’s IT services.
Criminal offences
Users suspected of a criminal offence under the Penal Code will be reported to the police.