Contents
1 Purpose
2 Principles of Use
3 Information Security and Liability
4 Maintenance
5 Violations
6 The Investigation and Consequences of Violations
In the following context the term "information system" refers to both the university's computer system and data communication network, either separately or jointly.
1 Purpose
LUT's goal is to offer its students and staff good facilities for the use of the information system.
These rules are applied to all the information systems directly administered by LUT or for which LUT is responsible.
In addition to these rules, the head of the Computing Centre can issue complementary instructions for the use of separate equipment, software or networks.
2 Principles of Use
The students, researchers and other staff at LUT have the right to use the university's information system services in work that is directly related to study, research, teaching or any activities that support the previously mentioned at LUT. The use of network and email services for personal purposes is permitted to a reasonable extent. The use of these services for commercial or political purposes is forbidden.
The use of the information system services requires a user permit which binds the user by these rules as well as other instructions and rules issued by LUT concerning the use of the information system services. When granted a user permit, the user receives a personal user name and agrees to adhere by these rules. The user must not cause any damage to other users or to organizations or information systems in the data communication network.
Only devices owned or administered by the university can be connected to LUT's data communication network. Otherwise, permission for connecting a device must be requested from the Computing Centre. The instructions issued by the Computing Centre must be followed when connecting a device to the university's data communication network.
3 Information Security and Liability
All users of the information system must promote the security of the system and are liable for the system's overall security.
The user name and respective password are private and must not be given to any one else other than the user. This also applies to course user names and respective passwords. A password that may have come to the knowledge of someone other than the user must be changed immediately. In general, passwords must be altered at sufficiently frequent intervals.
Every user is responsible for the use of the information system through their user name. When using the systems, both care and good manners must be exercised. For instance, when a user uses a system that requires logging in, the user must also remember to log out when leaving the system.
Users must take into account that the Finnish law, (the telecommunications act, the personal information act, the criminal law, and the property rights law) regulates the use of computers, and anyone found guilty of violating the law is liable to answer to claims for damage compensation or face punishment by fines or imprisonment. Users are responsible for safe guarding their own files.
Reading or searching for information concerning or belonging to another user is only permitted with the permission of that user. If a user accidentally receives information intended for or belonging to another user, using, storing or distributing this information is forbidden. The staff responsible for administering the system and the user for whom the information was intended or to whom it belongs must be notified.
A user must use only their own name and user name. Special course user names and nicknames used in chat groups are exceptions to this rule. Course user names are not to be used outside the course they are intended for. A user must use their personal user name only for communicating with data communication networks outside the university. It is forbidden for a user to falsify their identity. Using anonymous servers is not considered falsifying one's identity.
The teacher of a course is responsible for the user names used during the course and for removing these user names.
A user must take into account the other users of the information system. Users must be reasonable when using both the information system and external data communication connections.
Even though the Computing Center works to maintain the usability and security of the information system at as high a level as possible, it is nonetheless impossible to avoid violations and interruptions. LUT does not guarantee the security and confidentiality of the information system and neither does it guarantee the non violability of the information received through the system. The owners of research and other forms of information are ultimately responsibility for maintaining the information belonging to them. LUT is not liable to a user for damage or losses caused by the use of the information system.
4 Maintenance
The head of every administrative unit at LUT designates, in writing, persons responsible for the information systems administered by the unit and of whom the unit keeps a special list. These persons form the maintenance staff.
The maintenance staff reserves the right to monitor, restrict and regulate the use of the information system as well as, whenever necessary, to copy, transfer or remove information in the equipment or network in order to ensure the information system's operation and to investigate and repair errors and disturbances.
A user's information is removed from the information system when their permission expires. The maintenance staff is bound to confidentiality. The "University's Guidelines for the Information System's Maintenance Staff' contains information in more detail on maintenance.
5 Violations
All of the following are considered violations of the information system:
• Disturbing the use of a computer system for a purpose for which it has been purchased and installed
• Causing, in the data communication network, disturbance, damage or expenses not related to the university's activities
• The use of parts or characteristics of the information system that is not intended for common use or the use of which is specifically forbidden by the staff responsible or the owner
• Violating the university's Internet rules
6 The Investigation and Consequences of Violations
The Computing Centre monitors the compliance to these rules for the resources it owns or administers as well as for the whole university data communication network while the administrative units monitor the information systems they maintain.
When violations are encountered, the decision on further and protective measures is made by the person responsible for information security, the university's chief of information security and the head of the Computing Centre. The Executive Group for Information Administration is notified of all observed violations.
The maintenance staff has the right to obstruct or limit the use of the information system once it has encountered a malfunction or violation. In addition, violations can lead to the following measures being taken subject to the rector's decision:
• Restrictions on the use of the system or a (temporary) usage ban
• Charges for compensation for the misused resources according to valid tariffs as well as charges for the expenses incurred in investigating the violation
• Disciplinary action for university staff or students
• Handing the investigation of the violation over to police officials, resulting in criminal and monetary liability
Approved by the university's governing board on 25.10.2000.