Norwegian version of this page

IT Rules and Regulations for Østfold University College

Østfold University College (hereafter referred to as HIOF or “the College”) is required to manage risk and safety in the use of information and technical resources. Access to these resources (information, applications and equipment), demands user-accountability with regard to information security. Everyone has a responsibility to protect the confidentiality, integrity and availability of the information processed and the security of the technical equipment used.

Security procedures outlined here must be adhered to.
Username. You are solely responsible for the privacy of your username. When away from computer equipment and/or workspace, always log off or restart, and/or lock your office door.
Your Password verifies you as a legitimate user of your username. The password is personal and shall not be transferred to others, never sent in any email, not even to IT-Support (should you get such a “phishing request)” or written down visible to others (f. inst. on post-it notes). If others have learned of the password it must be replaced immediately. In cases of suspected misuse of passwords, you must notify IT-vakt (IT Support) immediately.
Your Access Card is private, it must be kept safely and not shared with others. You should treat the associated pin-code as you do other passwords. Tracking of use is done for security reasons and trouble-shooting, and is deleted automatically after a short time.
The computer equipment at the College is to be used for activities related to teaching, research, studies and administrative work. Public resources shall not be used for commercial purposes or for activities unrelated to the normal activities that take place at the College, nor in any political context, with the exception of normal employee and student internal political activities. Private use of computer equipment or use in outside employment or other commercial purposes is not permitted.
Equipment Protection and integrity. Employees and students shall not moderate or change equipment in any way without the explicit permission of IT operations. Specifically, you must never disassemble equipment, remove or insert parts, change hardware and/or software configurations, and remove equipment from the place where it is located. We must all be watchful and help in preventing theft from the College by adhering to rules for access to buildings and equipment.
Information Access. Mail and data stored on the individual's private home area on HIOF’s computer servers is treated as individual private property and will be processed in accordance with the Personal Data Regulations, Chapter 9. More here – in English. This means that the employer/institution only in special circumstances have legal permission to open and read this material and, as far as possible, only after prior notice. If after work-termination or finished studies, or by injury or illness, or suspected criminal offense or violation of duties and/or regulations make it necessary to access the employee's or student’s email or storage area, this will be done in consultation with your student-counselor and/or with the Managing Director.
Personal email should be collected in a separate email folder, called private, similar to personal file storage areas.

All data files are regularly checked for viruses and other software that might be harmful to our systems. If malware or virus is detected, it may be necessary to scan the user's data space manually. All Internet activity may be logged for security reasons.
HIOF email. Be careful to ensure that private email sent from your mail account is not perceived as official mail from the College. Spam, chain letters, etc. are not allowed distributed or forwarded. Electronic mail is a tool for communication between people. Electronic mail to large user groups should not be used as a channel for discussions and other exchange. You are required to stay current with official College affairs by reading your HIOF mail regularly, and also follow our front and information pages @ hiof.no
Identity. You must not act anonymously via email or other HIOF services, nor act under a false name a pseudonym. Everything you mail out from your College email account must be identified by your name and a reference to the College and you are personally responsible for ensuring that the content is not of defamatory and/or libelous nature.
Copying licensed software is not allowed, unless explicitly permitted. Installation of software on the College's equipment is not permitted without prior approval from IT operations. Unauthorized downloading and copying of software is not allowed. The collection, storage and distribution of information that is contrary to Norwegian law shall not occur.
Storage of work-related data is done on our network computer servers, in accordance with applicable rules:
Central file storage areas: network servers, with corresponding access levels. These areas are backed up at regular intervals.

Local areas: data of a private nature may be stored locally on your personal machine. HIOF assumes no liability for this data.
Other storage media (i.e. USB memory sticks, CD / DVD disks, tape, etc., as well as paper documents) that contain information owned and/or managed by HIOF, shall be kept confidential and shall not be shared with others.
Personal data is encrypted when distributed outside HIOF, with regard to both email and storage media.
Mapping of system weaknesses. You must not engage in testing or monitoring of possible system weaknesses in HIOF’s computer systems and/or networks, or otherwise engage in "hacking" against internal or external systems.
You may connect private equipment like tablet/laptop/PDA/mobile phone to our wireless network (Eduroam) provided that this is treated securely and that such equipment at all times are kept up to date (antivirus, OS updates, etc.). When using such equipment it is implicitly accepted that remote wipe of device can be implemented in case of serious security breach.
Protect yourself from malicious code. Exercise extreme caution when opening email and attachments from unknown senders, when using Instant Messaging, when activating links and instant messages, and on Web pages, etc.. Anything received via USB flash drives and CD/DVDs, etc., must be checked against an antivirus program, no matter who the sender is. If virus or malware is suspected, contact IT-Support
Reporting. You should report security incidents and suspected viruses etc. to the nearest student advisor and/or the IT-Support office.
If you are hosting visitors who will be working with HIOF equipment, you are responsible, together with the visitors, to make certain that the confidentiality statement is understood and accepted (signed), and that security policies are adhered to.
Sanctions. Violation of the above rules and regulations may result in sanctions, legal prosecution and/or financial liabilities.
Loss. The College assumes no responsibility for any loss arising as a result of efforts to preserve system security. Serious breaches of safety regulations and abuse will be prosecuted. This includes abuse that causes HIOF financial loss or liabilities.
Property rights. HIOF owns all software and computer equipment that has been developed using the school's data resources and/or associated with the school's computer network, cf. Law on copyright § 39. An exception is the law regarding the right to inventions by employees.

Rules for the use of Key cards

1. The card is for personal use only.
2. The PIN code is private and is not to be announced to others.
3. Report immediately to the student reception in case of loss of card.
4. Individuals without a valid key card have no access.
5. If you allow trespassers to enter you will be held responsible for his or her acts

Published June 17, 2020 11:11 AM - Last modified June 6, 2023 4:44 PM