IT Regulations
The IT regulations apply to all users, including employees and students at the University of Volda (HVO), as well as anyone using HVO's IT equipment and resources. Users are required to familiarize themselves with the contents of the regulations before using IT equipment and to stay informed about the current regulations and any supplementary provisions. Norwegian law applies.
All users of our resources must be aware of their roles and responsibilities. Let security start with you – let security awareness be part of your daily routine, whether you are at the office, traveling, or working from home.
Security measures that are implemented must be followed.
User Accounts and Passwords:
The user is responsible for all activities under their account and must keep their password confidential. If others have gained knowledge of the password, it must be changed immediately. If there is suspicion of unauthorized access, IT should be contacted immediately.
Software provided by HVO should only be used in accordance with applicable license agreements. Installation of other software must be done in consultation with IT.
Standard IT Equipment:
HVO has standardized on Windows-based PCs and does not support the purchase of other equipment, either financially or technically.
Classification, Protection, and Storage of Data:
Data must be classified, protected, and stored in accordance with HVO’s data storage guidelines (link).
Private use of HVO’s IT resources for personal business purposes is never allowed. It is not permitted to lend out HVO’s laptops.
Access to Information:
HVO does not have access to users' email or private storage areas without the user's consent. In case of an emergency (e.g., accident), access to an employee’s email can be made by the nearest supervisor in consultation with the local safety representative. Email and files that are considered private by HVO remain protected by privacy regulations. All internet activity can be logged for security reasons.
Email:
Sending email from the user’s HVO account is considered as sending a letter with HVO’s letterhead. Caution must be exercised when opening emails from unknown senders, activating links and attachments in unknown emails, chat conversations, and websites, etc. Spam, chain letters, and similar are not allowed to be distributed or forwarded. The HVO account should not be used for private purposes, including online registration and similar activities.
System Vulnerability Mapping:
Users should not, on their own initiative, conduct mapping or testing of potential vulnerabilities in HVO’s systems and/or networks, or otherwise engage in hacking activities against internal or external systems.
Private Equipment:
Connecting to HVO’s network is done at the user's own risk. The user is responsible for ensuring that their equipment is always updated with security measures (e.g., antivirus, OS updates, etc.).
As a host for visitors working with HVO’s IT resources and/or equipment, the user, in collaboration with the visitor, must ensure that the confidentiality agreement is understood and accepted (signed), and that the security policy is followed.
Routine in Case of Violations:
Consequences of violating the IT regulations are governed by HVO's staff handbook, chapter on "Negligence," and the Statens Staff Handbook, chapter 2.10 "Written Warning and Disciplinary Action."