General rules for IT use at Stockholm University of the Arts

General

To ensure the long-term sustainable and secure use of IT resources at Stockholm University of the Arts (SKH), the rules that apply at the university are described below. Stockholm University of the Arts' IT resources are owned by Uniarts and are intended to be used in and for Uniarts' mission to provide education, research and related administration and for collaboration with the surrounding community...

Rules for IT use

Stockholm University of the Arts' IT resources may not be used to improperly disseminate, store or transmit information that:
- Is in breach of applicable legislation, such as incitement to racial hatred, child pornography offences, unlawful violence, defamation, harassment, data breach or copyright offences.
- Is considered political, ideological or religious propaganda.
- Is contrary to the privacy provisions of the Personal Data Act
- Otherwise, it may be perceived as offensive and insulting.
- Aimed at promoting products or services unrelated to the university, or
- otherwise disrupt the activities of the SHA.
Use must also not contravene the SUNET (Swedish University Network) Code of Ethics.

SUNET Code of Ethics

It is a widely accepted principle in the academic world to keep networks as open as possible. For this to happen, it is inevitable that certain ethical requirements are placed on the individuals who use networks and on their activities...

Trying to access network resources without being authorised to do so.
Trying to hide their user identity.
Attempting to interfere with or disrupt the intended use of the networks.
Obviously wasteful of available resources (staff, hardware or software).
Attempts to damage or destroy the computer-based information.
Invading the privacy of others.
Trying to insult or demean others.

The name, reputation and good name of Uniarts shall be taken into account when utilising Uniarts IT resources.

Authorised user

Authorised user is the person who has been granted permission to use SKH's IT resources. Authorisation is personal and may not be transferred or otherwise made available to another user.
Two-step verification/MFA (multi-factor authentication) is mandatory at Uniarts and is there to increase the security of your account.
SKH assigns all staff and students an e-mail address with first name and surname in the address as the account should be identifiable and traceable.
It is not permitted to use someone else's authorisation or exploit misconfigurations, software errors or otherwise manipulate Uniarts's IT resources.
The authorisation is time-limited and linked to studies, employment, project participation or assignment. The user shall be notified of any circumstance leading to the termination of the authorisation. Authorisation may be withdrawn in the event of infringement of these user rules.

Use of the internet

The Internet is intended to be used for information searches and other relevant purposes within and for SKH's activities.
When used, it is forbidden to

visiting websites with pornographic, racist or other content that may cause offence,
Download programmes and files that may affect IT security at Uniarts (if you have any questions, contact the Service Desk, extension 8300)
Distribute and/or dispose of copyrighted material without the authorisation of the copyright holder.

For SHA employees, use of the internet is permitted for private purposes, to a limited
extent using SHA IT resources, provided that this does not take time away from work and
these rules of use are fully respected.

Use of e-mail

E-mail is intended to be used for communication internally within the SHA and for communication externally outside the SHA on behalf of the SHA's activities.
All communication relating to SHA's activities shall take place via an e-mail account allocated by SHA with intention that it shall be clear to the recipient that the e-mail message originates from SHA and relates to SHA's activities.
E-mail may not be used for political, commercial or other purposes that conflict with SHA's activities.
Avoid attaching large documents to e-mails as this can lead to overloading of servers and network
Everyone who has an e-mail account at SHA is responsible for regularly reading their e-mail. This also applies during longer periods of leave. For SHA employees, the use of SHA e-mail for private purposes is not permitted. Private matters matters that require e-mail are handled via their own private e-mail

Password selection rules

It is very important to manage passwords in a secure way.
Passwords and user identities are personal and must not be disclosed to anyone else. The SHA may in decide on exceptions to this rule in specific cases.
SKH uses so-called strong passwords. When choosing a password, please consider the following:

The password must contain 8-16 characters.
The password must contain at least 3 of the following 4 groups: upper case, lower case, numbers, special characters.
The password must not contain the letters å, ä or ö.

Do not use passwords that are directly related to yourself, your family or your workplace and that others may know. It should also not contain all or part of your username. Do not post your password in connection with your workplace as it could be found by unauthorised persons. Do not save your user ID and password for automatic login. Passwords should be changed immediately changed immediately if it is suspected that someone else has learnt its composition.

Other security rules (identification, interception, virus spreading)

Identification

It is not permitted to conceal the user identity when using SHA IT resources.

Eavesdropping

It is not permitted to intercept network traffic.

Virus

It is forbidden to deliberately spread viruses or other malware to or from SHA IT resources. All computers have virus protection. It is forbidden to deactivate or otherwise manipulate this protection.

Control and monitoring of IT systems

Users who, when using SHA's IT resources, discover errors or anything else that may be of
importance for the operation of the IT resources, must immediately report this to the Service Desk, extension 8300
The use of Uniarts IT resources is monitored to some extent through logging and other technical measures. In the event of suspected violations of these rules, the responsible manager may decide that all Internet traffic to be monitored in detail.

GDPR, General Data Protection Regulation

SKH processes personal data in accordance with the GDPR. SHA has the right to process personal data,
on the basis of legal basis, if other rules regarding the safe handling of personal data
are followed. As an employee and student at SKH, you are obliged to follow the rules for personal data processing
under the GDPR. The most common legal rules for an authority/university are:

Legal obligation

The laws and regulations that require the data controller, SHA, to process certain personal data in its operations. Examples of this type of legal basis are the Ordinance on accounting of studies at universities and colleges, the Accounting Act and the Archives Act

Exercise of public authority and task in the public interest

The controller, the Swedish School of Higher Education, must process personal data in order to fulfil its public authority tasks or to fulfil a task in the public interest. This includes, for example most aspects of education, research and co-operation. It also includes study administration decisions such as credits, examinations, eligibility decisions, disciplinary matters are also covered by these legal rules

Agreement

The data subject has a contract or will enter into a contract with the controller. This could be be, for example, employment contracts, purchase agreements or co-operation agreements Read more about GDPR on the SHA intranet under the heading Practical info/Dataskyddsförordningen/GDPR

Penalties for violation of user rules

Suspension from IT resource

In case of violation of these user rules, the user may risk being completely or partially suspended from SHA's IT resources.
Misused or abused IT resources may be suspended with immediate effect.

Disciplinary sanctions for students

Students in breach of these user rules may risk being reported to the Rector and Disciplinary Board in accordance with Chapter 10 of the Higher Education Ordinance. The disciplinary sanctions are warning or suspension for a certain period from teaching and other activities at Uniarts

Disciplinary sanctions for employees

Employees who violate the rules of use may risk being reported to the Vice-Chancellor and the Staff Responsibility Committee. The sanctions will be disciplinary measures.

Violations

Users suspected of offences under the Criminal Code may be reported to the police.