Regulations for employees concerning the use of information and information management resources

Contact: IT Services, Fredrik Bolinder

This document has been reviewed in 2025

Stockholm University 2014-11-28
IT Services Reg. no. SU FV-1.1.2-3513-14

Target group

These regulations are aimed at employees at Stockholm University and people working on behalf of Stockholm University.

Authorisation

Any person with a university account, or who has been granted access to the University’s information or information management resources, is considered an authorised user.

Any associated passwords may not be shared with a third party. Under special circumstances, however, a password may be shared with the head of department/equivalent.

The authorisation is temporary and expires at the end of the employment, assignment, or similar.

The University signs written contracts with personnel with special authorisation within the University.

General regulations

The basis of these regulations is that information and the associated information management resources (client computers, servers, networks, peripherals) are owned and managed by the University for use in University operations. Non-work-related use of University resources is only permitted to a limited extent:

When regular activities are not disrupted;
When it is not in conflict with applicable laws, University policies, provisions, guidelines, and regulations.

Some information contained within the University may be regarded as official documents and thus constitutes public information. Personnel working with information security are responsible for monitoring the University’s IT infrastructure and take action where necessary.

Detailed regulations

Information management resources may not be used to view, download, print, or otherwise handle pornographic or offensive material unless specifically authorised for work-related purposes.
It is not permitted to hide one’s identity when using information management resources (e.g. Internet and email), except where specifically authorised by the Vice-Chancellor or permitted in accordance with the freedom to provide information or other statutory rights under the principle of public access to official records.
It is not permitted to exploit incorrect configurations, software bugs, or other methods in order to gain additional access or other privileges.
All copyrighted material may only be copied or distributed with the permission of the copyright holder. This means that it is not permitted to download copyrighted information or software.
Sabotage, sedition, incitement to racial hatred, and intrusion or attempted intrusion into local or external systems are prohibited in accordance with general legislation.

Reports

Anyone who discovers faults, breaches, irregularities, or other problems, should report these to the head of department/equivalent.

Personnel with responsibility for information security should report breaches of internal regulations and applicable laws to the head of department/equivalent. The head of department/equivalent will determine, on the basis of the Public Employment Act, whether such a report should be referred to the disciplinary board or filed for prosecution. In other cases, the information security coordinator may take measures such as suspending accounts and restricting access to the University’s information management resources pending further investigation.

CONFIRMATION

I hereby confirm that I have read the Regulations for employees and personnel working on behalf of Stockholm University concerning the use of information and information management resources and understand that it is my responsibility to comply with these regulations. I am aware that failure to comply with these regulations may result in the suspension of my account and access to the University’s information management resources pending further investigation. In addition, it is incumbent upon me to notify the head of department/equivalent about any circumstances that will affect my access; for example, when my employment or assignment ends.

Date Signature
Civic registration number
Name in block letters

Liability agreement for system administrators

This document is based on current legislation and the University’s internal policy documents, which state that the responsibility for information security follows the delegation policy.
It is the head of department/equivalent that is responsible for information security at each unit.

The head of department/equivalent can appoint an authorised user as a system administrator. A system administrator is a person with more privileges than regular users in IT systems and communication networks. The system administrator is typically responsible for the reliable operation and security of IT systems and networks, or involved in the operation or management thereof. The system administrator is appointed and granted privileges and obligations through a written decision by the head of department/equivalent. The decision should specify the systems or equivalent to which the privileges apply.

Authorisation

Any authorised user can be appointed as a system administrator. A decision by the head of department/equivalent, in addition to a signed liability agreement, are required in order to be granted system administrator privileges.

Department/equivalent:

Name Email address

IT resource Comment Term of appointment