Rules for the Use of Information Systems
Rector has confirmed these Rules on June 19th, 2002. They become valid on August 1st, 2002.
| 1 | General | |
| 2 | Principles of use | |
| 2.1 | The position of the user | |
| 2.2 | User accounts and passwords | |
| 2.3 | Use | |
| 2.4 | Liabilities | |
| 3 | Abuse of the system: investigation and consequences | |
"Information system" refers in these rules to
- both private ADP equipment or hardware and entities composed thereof
- the University computer network
- software and services operating therein
- information held within these.
1. General
Information systems and the computer network are important tools and means of communication for the University community. The University is part of an international network community and thus, especially in external communications, users should consider the position and reputation of the University. The way we use the network and behave on it creates an image of the University of Tampere and affects our opportunities to use information connections and network services.
The University of Tampere endeavours to provide members of the University community with good facilities for using IT services. Ensuring good working conditions is essentially based on everyone being aware of his/her obligations in the use of the systems and services and complying with generally agreed rules.
These rules shall apply to all information systems within the control of the University or otherwise at its responsibility and their use, and
with regard to users, to other services where the access rights have been acquired through the agency of the University. The rules shall also apply to workstations in general use and all equipment connected to the University network.
All users of University IT are required to abide by these rules and also other rules and instructions issued in respect of University information systems and to maintain good practice.
There is a body responsible for each University information system (owner), responsible for the purposes for which that system is used, its functioning and content and the use made of it. The owner of the information system will draw up user guidelines and ensure that the services of the information system and its use are in accordance with these rules. The Computer Centre is responsible for the common information systems of the University. The head of the unit or a person designated by him/her is responsible for information systems under the control of University units.
Those maintaining the information systems shall take care of the functioning of the University IT services, their administration and the monitoring of functions and use. Regarding administration a document "Tietojärjestelmien ylläpidon ja käytön seurannan säännöt" (Rules for the administration and use of information systems; only in Finnish) has been compiled.
These rules and other instructions regarding the use of the University's common information systems are available from the Computer Centre User Information Point and from the University's www server in Finnish at http://www.uta.fi/hallinto/tietohallinto/saadokset/, some of them in English at http://www.uta.fi/hallinto/tietohallinto/saadokset/it-rules.html.
The University reserves the right to make alterations to these rules without prior personal notice to users; such changes may be effective immediately.
2. Principles of use
University students, researchers, and personnel officially present at the University are entitled to use the University IT services for
purposes which are directly connected to studies, research, teaching or administration at the University of Tampere. Private use is permitted to a limited extent only insofar as it does not affect the use of the system and or conflict with the rules regarding general use and use of the system in question. Commercial activity is absolutely forbidden. Acceptable political activities are limited to University elections, homepages and mailing lists of political student organisations connected to the activities of the Student Union of the University of Tampere and information dissemination regarding activities of the personnel trade union.
All users should be vigilant in matters pertaining to information security. Although a user him/herself may not have anything particular
to protect, other people may. All users are responsible for the overall security of the information system.
The University of Tampere endeavours to protect all users from computer viruses, junk mail (mass communications) and hacking in to the systems or private workstations from outside of the University network. Users must ensure that they do their share in this according to the rules.
The main principles of the rules are:
- All those entitled to use the systems shall have the opportunity for reasonable appropriate use.
- No damage or disadvantage shall be caused to other users or organisations in the computer network or information systems.
- Other users' privacy shall be respected.
2.1 The position of the user
Users will be granted an access right to specified information systems. This access right will be based on the user's position in the
University. Unless separately agreed, the right to use the systems will be withdrawn when the user is no longer part of the University or when his/her position or tasks change.
The document "Käyttäjätunnuksen voimassaolo" (The Guidelines on validity of user account; only in Finnish) provides more detail regarding validity of user accounts and the effects on these of leave of absence or being absent from studies.
Against application an access right to a named system may be granted to a person who is not part of the University. Whoever owns the information system will set the preconditions for granting access rights.
It is a condition of obtaining an access right that the user agree to comply with these rules and also other rules and instructions issued by the University of Tampere regarding the use of IT services.
2.2 User accounts and passwords
The user account and its password are both personal and may not be surrendered for others to use. This also applies to course accounts and their passwords. Without special agreement with the University the user may not surrender to a third party access rights, user accounts, or information services granted to him/her, be they part of either the University information system or of an information system in his/her own possession attached to it.
A password which may have come to the knowledge of another party must be changed without delay. Passwords should be changed in any case at appropriate intervals.
Each person should use only his/her own name and user account. Contacts outside the University may be made using only the personal user account. It is forbidden to use an identity belonging to another person or to falsify the name of another person.
Course user accounts assigned to groups for a specific purpose constitute an exception to using only one's own name. However, course accounts may not be used outside the course and should not be used for making network connections outside the University. The course teacher is responsible for the use of course accounts used on the course and for their removal.
Another exception is the user accounts used for electronic transactions in the University. When these are used the response given to the client should always make clear the name of the person providing the response.
2.3. Use
Systems should be used with care, in keeping with good practice and showing responsibility, not causing unnecessary inconvenience to other use or users of the system.
Unauthorised acquisition of information in the information systems is forbidden. Seeking and reading information and files belonging to
another user is permissible only with that person's consent. Unauthorised acquisition of the content of a data transfer or of any
other telemessage belonging to another person or attempting to do so is a criminal act. If a user accidentally comes upon information intended for or belonging to other people, its use, storage or dissemination is forbidden. This event must be notified to the system administration personnel and/or the user concerned.
To ensure protection of privacy the personnel should separate files intended for personal use into their own folders/sub directories.
The publication, mediation and distribution of commercial material, illegal material or material which is contrary to good practice and
needless burdening of the resources of the system are forbidden.
For example, the legislation governing teleactivity, personal information, criminal law and copyright includes provisions for the use
of ADP; the consequences may entail claims for damages, fines or imprisonment.
Those parts and features of the system which are not clearly shown to be available for general use should not be used. Access rights may not be used for searching for data protection vulderabilities or performing unauthorised data decryption, copying or altering data transfer or for hacking in to other systems, directories or services. Any information security flaws noticed by users should be reported immediately to the head of information security or to the system administration personnel.
If the purpose of the system so requires, the user of the system is bound to non-disclosure regarding the contents of the system, the ways of using it, its security level and characteristics insofar as the instructions issued regarding the use of the system or the legislation
pertaining to the system or the information therein contained require.
2.4 Liabilities
Each user shall be responsible for all use made of the system under his/her account.
Users will themselves be responsible for the protection of their files.
A user of the services will be responsible for compensating damage due to his/her use of services contrary to the rules or otherwise
deliberately caused or inflicted.
The Computer Centre will secure the information stored in the systems it administrates through backup copies.
Although every effort will be made to ensure as high as possible a level of usability and security of the information systems disruptions, errors and misuse of the systems cannot be completely avoided. Thus the University of Tampere cannot guarantee the security and confidentiality of the information systems nor the integrity of data. The responsibility for the preservation of research and other materials rests in the last instance with the owners of such data themselves.
The University of Tampere accepts no responsibility for financial loss to users or other damage due for example to technical flaws, network congestion or interruptions or delays due to maintenance measures. However, advance notice must be given of known interruptions due to maintenance. In fault situations repairs will be carried out during working hours unless otherwise announced.
No hardware or information systems may be connected to the University network without obtaining due authorisation from the Computer Centre. Such connections should always be done according to special instruction issued by the Computer Centre. The owner of the system to be connected to the net will be responsible for that system and also for outgoing and
incoming network traffic.
The user's home directory and mailbox will be removed within a reasonable time after the end of the use of the user account/ the expiry
of the access right.
3. Abuse of the system: investigation and consequences
Deliberate or conscious activity contrary to these rules and contrary to the rules and instructions issued to for use of University information systems will be considered abuse of computer network, likewise exceeding rights granted to users.
When abuse is suspected or observed the maintainer of the information system and the head of the unit responsible should be contacted, and, if the nature and severity of the abuse so require, also to the head of information security. The decision regarding further measures and protective measures will be taken on the basis of the severity of the abuse. This will be done either by the head of the unit responsible for the information system, the head of information security or the steering group for information security. The Computer Centre will be responsible for overseeing that these rules are obeyed in respect of the information systems under its ownership and administration and the information net of the entire University.
As a result of abuse the following measures may be applied to the user:
- reprimand
- restrictions with regard to use or (temporary) exclusion from use
- demand for compensation for misused resources and costs of cost incurred in detecting the abuse
- turning the matter over for investigation by the police (liability in criminal law and for compensation)
puh. (03) 355 111
