The Acceptable Use Policy of the University shall be revised annually to reflect any changes made to the services or applicable legislation. The IT Management unit is responsible for the monitoring and updating of the Policy.
The University must strive to ensure the confidentiality, integrity and usability of the data of all of its user groups, and provide a reliable and secure environment for data processing. This and other policies have been devised to help different user groups acknowledge the rights, responsibilities and obligations that are associated with their user accounts. Even unintentional negligence of responsibilities associated with the user accounts may compromise the integrity, confidentiality and availability of data belonging to the users.
This Policy shall be applied to all of the information systems owned by the University or otherwise under the responsibility of the University, and to their use, and for users, to other services for which access or user accounts have been obtained through the University. This Policy shall also apply to public workstations at the University, and to all equipment which is connected to the University network.
All IT users within the University shall comply, in addition to this Policy, with other applicable rules and guidelines issued by the University, and shall take into account that the Finnish Administrative Procedure Act (434/2003) and the Act on the Openness of Government Activities (621/1999) are applied as decreed in the Universities Act (558/2009), § 30. Any breach of this Policy or other rules concerning the use of the information systems shall be dealt with in accordance with the Information Security Policy of the University.
The valid version of the Acceptable Use Policy and the Information Security Policy shall be made available on the website of the IT Services.
Any breach or failure to observe the conditions of this Policy or other policies and guidelines concerning the use of information systems may cause the denial of access. The general principles applicable to the use of the information systems and the interpretation of the Acceptable Use Policy are as follows.
The publishing, transmitting or distributing of illegal material or material that is contrary to good practice, and unnecessary occupation of system resources, are strictly prohibited.
The information systems of the University are provided as tools for studying, teaching, conducting research and performing administrative tasks at the University of Helsinki. Any other use requires a separate agreement.
University information systems and the related user IDs may not be used for political activities, with the exception of university elections and the activities of political student organisations and sub-organisations, and staff unions. Commercial use, for purposes other than those related to the University, is permitted only by express authorization.
Private use is permitted to a limited extent, as long as it does not
Private files shall be kept clearly separate from material related to the basic activities of the University. Material stored in the home directory of a student shall always be considered to be private. Members of staff shall keep their private material separate from work-related material, to ensure the protection of their privacy. Private material shall be saved to separate folders labelled so that their private nature is evident (for example: personal or private).
All users of the information systems shall share the responsibility for the general information security of the University's systems and the data contained therein.
All users shall contribute to the general information security of the information systems. Even if an individual has no need for special protection, other users may have. Any observed or suspected information security weaknesses or breaches shall be immediately reported to the administrator or owner of the relevant information system or to the head of the relevant unit. Information security incidents shall be handled in accordance with the Information Security Policy of the University and the guidelines on handling security incidents.
University staff and students must pass the University of Helsinki IT Security Test annually. All staff and students are responsible for taking the test on time. If the IT Security Test is not taken and passed before its deadline, the corresponding user account will be disabled and its use prohibited until the IT Security Test is passed with an acceptable grade. There is no upper limit on how many times a user can take the IT Security Test.
The University strives to protect all users from malware, spam and attempted attacks on systems and individual workstations. All users shall contribute to these efforts by observing the relevant guidelines.
Each user shall be responsible for providing the University with their up-to-date contact information, in the event that the University needs to contact them.
The IT Center is responsible for providing the common backup system of the University and provides users with the possibility to back up their data in systems within its scope. The IT Center, however, assumes no liability for damages caused by the possible destruction of files. Users are responsible for the classification of their data and for ultimately creating relevant backup copies.
Users are bound by the obligation of secrecy regarding the information content, methods of use, level of security and properties of the systems where the intended use of the systems, the policies for use, or applicable regulations so require.
Only equipment that is owned by the University and that has been approved and registered by the IT Center may be connected to the network of the University. The equipment must require user authentication through, for instance, a user ID and a password, or enable user identification by other means in exceptional situations. The equipment must maintain a usage log. Equipment shall be connected to the network in accordance with instructions issued by the IT Management department. Network elements reserved for visitors and the personal equipment of University students and staff have been marked and separated.
Users will be granted accounts on the common information systems of the University. The accounts are based on the position of each user within the University. If necessary, they may be granted to a person who is not affiliated with the University. User accounts on systems with limited access are granted separately to each user. The granting of accounts is the responsibility of the IT contact personnel.
If there is reason to suspect that a password or another identifier has come into the possession of a third party, the password must be changed or the use of the identifier must be prevented immediately. Passwords shall be changed at regular intervals and must be difficult to break.
A user account shall expire after:
A user ID shall be terminated when
The processing of data prior to the expiration of user accounts:
Data stored in the information systems under user IDs will be deleted 12 months after the expiration of the respective user account.
Each of the information systems of the University has a designated administrator (owner) who is responsible for the intended use, operation, contents and use of the system. The owner of the information system compiles instructions for its use and ensures that the services and use of the information systems comply with this Policy. The IT Department is responsible for the maintenance of the common information systems of the University. Information systems owned and managed by University units are the responsibility of the head of the respective unit or the individual designated by the head. Each unit shall maintain a separate list of persons in charge of the systems and their maintenance. The list shall be kept up-to-date and available to be presented to the IT Management upon request.
Administrators may supplement this Policy by issuing instructions on the use of specific devices, software and networks. Additionally, the IT industry may issue guidelines applicable to the entire University by first submitting them to the IT Management for approval.