Finnish legislation defines general preconditions for the production and administration of IT services and the service users as well as the rights and obligations of both groups. The University’s own Information Security Policy defines in more detail the University management’s most important guidelines and strategic priorities for information security work. The general data protection statement and the system privacy policies describe how the University processes users’ data. Practical information security guidelines intended for all members of University staff and students are stored in Flamma as information security is primarily an internal matter for the University.