§ 1. Introduction
The University protects its IT resources (including computer hardware, software, networks, telephone system, data, etc.) against unauthorized and misuse.
These regulations apply to all University employees and persons performing work for the University on the basis of civil law contracts, their assistants and persons associated with them.
Employee access to computer resources is not limited. The goal of the University as an employer is to provide employees with a working environment with the minimum possible number of barriers. Nevertheless, every employee has an important role in supporting and complying with these regulations. Violation of the regulations may result in taking corrective actions, including dismissal of the employee.
The University's IT Systems Center, hereinafter referred to as CSI, is a unit that provides comprehensive support for the University's IT resources and their expansion.
All requests for the purchase or allocation of computer hardware, software or access to information systems should first be addressed to CSI in order to verify their consistency with the University's existing IT infrastructure.
§ 2. Resources
- The University owns the content of all resources and assets, including: hardware, software, networks, telephone system, data, as well and all data flowing through the University network. This data includes e-mail and voice messages (including personal messages sent to the business address) and all electronic data stored in any form on any medium.
- CSI has access to all IT resources owned by the University for the purpose of their protection, maintenance or for other reasons important for the functioning of the University. In particular, CSI has access to any information contained in these resources and may disclose it to the Rector, Vice-Rectors or Chancellor.
- University employees are required to - at the request of the CSI head, approved by ABI - provide all data stored on the media entrusted to them by the University.
§ 3. Permissions
- Employees whose tasks require access to accounts with more rights than the accounts of a regular employee (understood here as system administrator accounts) are subject to additional requirements related to the use and secure maintenance of these accounts. Employees who require this special access must complete and sign the appropriate application and liability agreement.
- To access the resource, you must provide a written request to the CSI from the resource owner authorizing the employee to access the resource.
- To access the resource containing personal data, you must follow the guidelines of the Information Security Policy at UKSW.
§ 4. Restrictions
University employees are prohibited from:
- independent repair, alteration, extension or interference in the basic configuration of computer hardware and IT systems,
- installing or removing software without consulting with CSI,
- using the company network to illegally download materials protected by copyright, and storing such materials in the University's IT resources,
- sending data and company documents via instant messengers and p2p networks,
- using websites that are obviously unrelated to the scope of their official duties (e.g. dating and pornographic websites, as well as websites providing content prohibited by law or content protected by copyright),
- connecting high-power devices such as electric kettles, heaters, etc. to sockets or power strips supplying computer equipment,
- removing or altering markings with inventory, license or other numbers that the equipment has been marked with,
- changing the location of computer equipment without consulting the CSI and the Administrative and Economic Department.
§ 5. Security
- All employees have an Information Security Policy.
- Employees are required to keep their computer passwords confidential. The password should consist of a minimum of 8 characters including at least one number and a special character.
- Employees should not save their passwords in written or electronic form, unless they are their initial or re-set passwords that have a three-day or shorter validity period.
- Unauthorized use of system identification, logins or privileges assigned to logins for purposes other than business is prohibited.
- Employees who attempt to discover passwords, gain access to limited computer resources, violate these regulations and are exposed to corrective actions.
- Unauthorized employees are prohibited from accessing or modifying computer files that are not their property, even if there is no access restriction or there is no file protection. The employee does not have permission to access or modify such files, unless he has the appropriate permission from the owner of the file. Such access is an offense, is considered unethical and may result in corrective action. If the employee is unsure that he has the correct file access rights, he should consult his supervisor.
- Employees who contribute to access to University's protected IT resources by unauthorized persons violate these regulations.
- Persons not employed at the University are required to obtain authorization to access company resources by signing a Confidentiality Clause.
- Employees and students are required to report any situation that indicates a potential risk or breach of IT security directly to CSI.
§ 6. Responsibility
- Employees are responsible for the computer equipment entrusted to them. They have a duty to protect it against the negative influence of external factors, destruction, loss, and modification or deletion of data by unauthorized persons.
- Employees are required to use the University's IT resources for their intended purpose in a skilful and efficient manner to achieve their business goals.
- The conscious activity of an employee of a subversive nature, aimed at disrupting normal work in the University's IT resources, constitutes a serious violation of these regulations and may result in taking corrective actions, including dismissal of the employee and other legal sanctions.
- In exceptional situations, at the employee's request, the University allows the use of private computer equipment for official purposes. Private software may not have licensed software owned by the University, and the Employee uses private software for business purposes at his own risk and is responsible to the licensor of such software.
- Private equipment should be marked with the label "Private property - Name and surname of the owner".
- Before starting work, private equipment must be subjected to a security audit by CSI and, if necessary, additionally secured. The owner of the equipment is responsible for maintaining the safety of the equipment at an appropriate level, under pain of covering all damage caused by this equipment in University IT resources.
§ 7. Electronic mail
- To handle business e-mail messages, the employee should use an e-mail account in the domain owned by the University, served by the e-mail programs indicated by CSI.
- The employee is obliged to make every effort to ensure that when sending e-mail messages, parasitic programs and dangerous attachments do not reach the University systems or systems of recipients of these messages.
- Employees are not allowed to automatically redirect business email to external accounts that are not business accounts. The ban also applies to the automatic collection of business mail via accounts that are not University business accounts.
- Employees should respect the business email address assigned to them and, where possible, limit their disclosure on sites with a questionable level of trust. Stealing an address by spamming systems is irreversible and exposes the University's anti-spam systems to heavy loads.
§ 8. Reporting and removing defects
1. Problems with the computer hardware or IT system should be reported to the CSI "Help Desk" section, subject to availability, in order of the communication channels listed below:
- via the website https//:csi.uksw.edu.pl,
- by phone at 321,
- in person, ul. Dewajtis 5 rooms 001 of the old building,
- by email to email@example.com.
It is not recommended to report defects occasionally to CSI employees. The handling time for such notifications may be longer, because employees first carry out orders from which they are accounted for.
2. When reporting a fault, please provide:
- name and surname of the person or entity affected
- the location where the fault occurred,
- a fairly accurate description of the problem,
- contact details, e.g. telephone number, e-mail address.
3. Each application is registered in the electronic application system. The status of the application can be checked on the CSI website or by phone providing the application number.
4. Only registered applications are subject to complaint.
5. Some applications require a special written application before being accepted for implementation (e.g. granting entitlements to the IT system). The generator and application templates can be found on the CSI website.