Terms Of Service (IT) - For students

This is an excerpt from Kristianstad University's policy on information security, which refers to the regulations that apply to you as a student when utilizing the university's IT resources.

Excerpt from HKRs policy on information security, chapter 3 - Regulations - Users:

3.3 Student at HKR

3.3.1 User responsibility

As users of the university's IT and information resources, students must comply with certain rules and regulations for how these resources are to be used.

3.3.2 Information access

3.3.2.1 Permissions

The university has access control systems to ensure that only authorized users can access specific information.

It is not allowed to acquire- or attempt to gain higher access into systems for which you are not authorized.

3.3.2.2 User identity, e-mail address and password

Students are assigned a user identity with associated login information the first time they are admitted to a course or program. The user identity consists of an e-mail address and a username based on automatically retrieved information from the Swedish Tax Agency (Skatteverket). The username and e-mail address may be automatically changed in case of a registered name change with the Tax Agency.

Students' user identities and email accounts are activated on the day they are admitted to a course or program. Students' user identity and email accounts are terminated/deactivated after 18 months from the last registered course completion.

A randomly generated password is created for the user identity, which is not assigned to/shared with the student. This password only works as a placeholder until the password is changed. Students are instead assigned a link to the university's portal for password changes, after which a personal password must be chosen.

The password has no expiration date and there are no requirements for password changes beyond the initial requirement to choose a password. However, the University recommends that the password be changed at the start of each semester.

Passwords and user identities are personal and may not be shared with anyone else under any circumstances. It is also prohibited to borrow someone else's login information, even if he/she has given his- or her consent.

Do not write down your passwords where they can be found/seen by other unauthorized people.

You should avoid reusing your passwords, especially on external websites or services.

Passwords should be chosen so that they are difficult to guess (by humans and software) and must meet the university's password criteria regarding complexity:

Password should not contain the user's name or user name.
Password should consist of at least 8 characters.
Password should not contain any of the following characters: Å, å, Ä, ä, Ö, ö
- Password should consist of characters from three (3) of the following four (4) groups:
- Lowercase letters: a-z
- Uppercase letters: A-Z
- Numbers: 0-9
- Special characters (symbols):! @ # $% / () [] =? + \ *,; . : - _ |
Not be the same as the ten (10) most recently used passwords.

The password should be changed immediately on suspicion that the password has been known by someone else.

In cases of non-compliance with the aformentioned rules and regulations, or if it's otherwise deemed necessary from a security point of view, the university reserves the right to block and prevent access to user accounts and information resources.

3.3.2.3 Use of university equipment

When using the university's computers, students should primarily store their files in "My Home Directory" (also called "H:") on the computer. "My Home Directory" is automatically synchronized to the university's servers, which means that data is backed up to the server.

Data stored on the local hard drive (C :) (for instance on the Desktop) is not backed up and may be erased when the university computers are rebooted and/or reset automatically.

It is not permitted to install, store, use or make available pirated software or media (such as film and music) on equipment or other computer systems belonging to the university.

The University reserves the right to prevent and block access to software and services that are deemed to be directly inappropriate, illegal or otherwise expose the university and it's users to serious security risks.

Upon completion/end of the students studies, the student is responsible for:

any assigned/borrowed computers- or other devices are returned in working- and clean condition.
any assigned/borrowed computers- or other devices are returned in such a condition that reuse is possible.
In some cases, however, the assigned/borrowed computer may be purchased by the student upon graduation after a finalized purchase agreement with the university.

Storage of information/data containing personal data (yours and others) should be handled with care. If sensitive personal data or classified information is stored on external/movable storage media (eg USB-stick or memory card), these must be encrypted to prevent unauthorized access in the event of loss. For assistance with implementing encryption, contact the IT department.

3.3.2.4 Use of private equipment

You are permitted to connect private equipment (computer, phone, etc) to the university's wireless network (Eduroam), provided that the equipment does not expose the university to obvious security risks / threats. However, it is not permitted to attempt to connect private equipment to the university's wired network (ethernet).

The University also reserves the right to prevent and block access to software and services that are deemed to be directly inappropriate, illegal or otherwise expose the university and it's users to serious security risks.

3.3.3 Internet

The university provides staff, students and guests with internet connectivity via SUNET (ISP). The university strives to keep the internet access as open and free as possible in accordance with net neutrality. In order for this to happen, certain ethical requirements are inevitably placed on the users of the university's internet connection and it is therefore not allowed to:

attempt to gain access to network- or other IT resources without being authorized to do so;
attempt to interfere with, or disrupt network services or other connected IT resources;
attempt to damage or destroy digital information/data and/or resources;
intentionally- and maliciously wasting available resources (personnel, hardware or software);
infringe on the privacy of others,
maliciously insult, threaten or humiliate others.

Appart from the above rules and regulations set by the university, provisions regulated by Swedish law also applies.

When using the university's internet connection, traffic and user logs may be saved and analyzed as needed to be used with, for instance, troubleshooting.

In cases of non-compliance with the aformentioned rules and regulations, or if it's otherwise deemed necessary from a security point of view, the university reserves the right to block and restrict internet content for all- or individual users.

The University reserves the right to prevent and block access to services that are deemed to be directly inappropriate, illegal or otherwise expose the university and it's users to serious security risks.

3.3.4 Email

Students should regularly monitor their assigned e-mail since official communications from the university may be sent to the student's assigned university e-mail address. As a student, it is permitted to automatically forward e-mail from your university e-mail account to another personal/external e-mail adress.

Since all Swedish universities by law are considered governmental entities, the university is by law obligated to follow the by the principle of: freedom of information, making public records and information available to the public upon request (with some restriction). This means that e-mail sent by a student to an employee of the university, such as a teacher, is considered part of the public record and can be subpoenaed if the content is not confidential.

As a student, it is not allowed to send e-mails from external email providers where the sender's address is manipulated (spoofed) to be appearing to come from the "hkr.se" or "stud.hkr.se" domains, unless this has been approved in writing by the head of IT.

Students should avoid registering their student email address with external service providers.

Chain letters and other mass mailings are only allowed if this has been pre-approved in writing by both the university's head of IT and communications manager. Mass-emails that are not specifically approved will be blocked.

If an e-mail message violates the above provisions, you may report this to the university's IT department by sending an e-mail to: 3030@hkr.se.

In the event of uncertainty- or suspicion of fraudulent or harmful content received via e-mail, the university's IT department should be consulted before the content is opened.

3.3.5 Printing and Copying Machines

Students are given a free starting sum in the form of print credits. When these are exhausted, students must purchase additional print credits from the university in order to use the print resources.

Printouts and papers may contain sensitive information and should be handled accordingly.

Printing can be done through the networked printing system (PullPrint / collect at any printer) and in some cases via direct printing.

When sensitive data is printed, this must be done through the networked printing system (PullPrint), which requires logon and physical presence at the printer before the document is printing.

It is not allowed to share- and/or borrow login credentials or RFID access cards to other people.