Terms Of Service (IT) - For students
This is an excerpt from Kristianstad University's policy on information security, which refers to the regulations that apply to you as a student when utilizing the university's IT resources.
Excerpt from HKRs policy on information security, chapter 3 - Regulations - Users:
3.3 Student at HKR
3.3.1 User responsibility
As users of the university's IT and information resources, students must comply with certain rules and regulations for how these resources are to be used.
3.3.2 Information access
3.3.2.1 Permissions
The university has access control systems to ensure that only authorized users can access specific information.
It is not allowed to acquire- or attempt to gain higher access into systems for which you are not authorized.
3.3.2.2 User identity, e-mail address and password
Students are assigned a user identity with associated login information the first time they are admitted to a course or program. The user identity consists of an e-mail address and a username based on automatically retrieved information from the Swedish Tax Agency (Skatteverket). The username and e-mail address may be automatically changed in case of a registered name change with the Tax Agency.
Students' user identities and email accounts are activated on the day they are admitted to a course or program. Students' user identity and email accounts are terminated/deactivated after 18 months from the last registered course completion.
A randomly generated password is created for the user identity, which is not assigned to/shared with the student. This password only works as a placeholder until the password is changed. Students are instead assigned a link to the university's portal for password changes, after which a personal password must be chosen.
The password has no expiration date and there are no requirements for password changes beyond the initial requirement to choose a password. However, the University recommends that the password be changed at the start of each semester.
Passwords and user identities are personal and may not be shared with anyone else under any circumstances. It is also prohibited to borrow someone else's login information, even if he/she has given his- or her consent.
Do not write down your passwords where they can be found/seen by other unauthorized people.
You should avoid reusing your passwords, especially on external websites or services.
Passwords should be chosen so that they are difficult to guess (by humans and software) and must meet the university's password criteria regarding complexity:
- Password should not contain the user's name or user name.
- Password should consist of at least 8 characters.
- Password should not contain any of the following characters: Å, å, Ä, ä, Ö, ö
- Password should consist of characters from three (3) of the following four (4) groups:
- Lowercase letters: a-z
- Uppercase letters: A-Z
- Numbers: 0-9
- Special characters (symbols):! @ # $% / () [] =? + \ *,; . : - _ |
- Not be the same as the ten (10) most recently used passwords.
The password should be changed immediately on suspicion that the password has been known by someone else.
In cases of non-compliance with the aformentioned rules and regulations, or if it's otherwise deemed necessary from a security point of view, the university reserves the right to block and prevent access to user accounts and information resources.
3.3.2.3 Use of university equipment
When using the university's computers, students should primarily store their files in "My Home Directory" (also called "H:") on the computer. "My Home Directory" is automatically synchronized to the university's servers, which means that data is backed up to the server.
Students may also use their personally assigned Onedrive cloud share to store data.
Private (non-university related) use or storage of private data in the university's cloud services, is not permitted. This also applies to the use of, and storage on "My Home Directory" (also called "H:").
Data stored on the local hard drive (C :) (for instance on the Desktop) is not backed up and may be erased when the university computers are rebooted and/or reset automatically.
It is not permitted to install, store, use or make available pirated software or media (such as film and music) on equipment or other computer systems belonging to the university.
The University reserves the right to prevent and block access to software and services that are deemed to be directly inappropriate, illegal or otherwise expose the university and it's users to serious security risks.
Upon completion/end of the students studies, the student is responsible for:
- any assigned/borrowed computers- or other devices are returned in working- and clean condition.
- any assigned/borrowed computers- or other devices are returned in such a condition that reuse is possible.
In some cases, however, the assigned/borrowed computer may be purchased by the student upon graduation after a finalized purchase agreement with the university.
Storage of information/data containing personal data (yours and others) should be handled with care. If sensitive personal data or classified information is stored on external/movable storage media (eg USB-stick or memory card), these must be encrypted to prevent unauthorized access in the event of loss. For assistance with implementing encryption, contact the IT department.
3.3.2.4 Use of private equipment
You are permitted to connect private equipment (computer, phone, etc) to the university's wireless network (Eduroam), provided that the equipment does not expose the university to obvious security risks / threats. However, it is not permitted to attempt to connect private equipment to the university's wired network (ethernet).
In cases of non-compliance with the aformentioned rules and regulations, or if it's otherwise deemed necessary from a security point of view, the university reserves the right to block and prevent such equipment from accessing information resources and network services.
The University also reserves the right to prevent and block access to software and services that are deemed to be directly inappropriate, illegal or otherwise expose the university and it's users to serious security risks.
3.3.3 Internet
The university provides staff, students and guests with internet connectivity via SUNET (ISP). The university strives to keep the internet access as open and free as possible in accordance with net neutrality. In order for this to happen, certain ethical requirements are inevitably placed on the users of the university's internet connection and it is therefore not allowed to:
- attempt to gain access to network- or other IT resources without being authorized to do so;
- attempt to interfere with, or disrupt network services or other connected IT resources;
- attempt to damage or destroy digital information/data and/or resources;
- intentionally- and maliciously wasting available resources (personnel, hardware or software);
- infringe on the privacy of others,
- maliciously insult, threaten or humiliate others.
Appart from the above rules and regulations set by the university, provisions regulated by Swedish law also applies.
When using the university's internet connection, traffic and user logs may be saved and analyzed as needed to be used with, for instance, troubleshooting.
In cases of non-compliance with the aformentioned rules and regulations, or if it's otherwise deemed necessary from a security point of view, the university reserves the right to block and restrict internet content for all- or individual users.
The University reserves the right to prevent and block access to services that are deemed to be directly inappropriate, illegal or otherwise expose the university and it's users to serious security risks.
3.3.4 Email
Students should regularly monitor their assigned e-mail since official communications from the university may be sent to the student's assigned university e-mail address. As a student, it is permitted to automatically forward e-mail from your university e-mail account to another personal/external e-mail adress.
Since all Swedish universities by law are considered governmental entities, the university is by law obligated to follow the by the principle of: freedom of information, making public records and information available to the public upon request (with some restriction). This means that e-mail sent by a student to an employee of the university, such as a teacher, is considered part of the public record and can be subpoenaed if the content is not confidential.
As a student, it is not allowed to send e-mails from external email providers where the sender's address is manipulated (spoofed) to be appearing to come from the "hkr.se" or "stud.hkr.se" domains, unless this has been approved in writing by the head of IT.
Access to shared mailboxes and service accounts in the "@hkr.se" domain, may only be assigned to appointed students that are working on behalf of the university by some form of employment.
Students should avoid registering their student email address with external service providers.
Chain letters and other mass mailings are only allowed if this has been pre-approved in writing by both the university's head of IT and communications manager. Mass-emails that are not specifically approved will be blocked.
If an e-mail message violates the above provisions, you may report this to the university's IT department by sending an e-mail to: 3030@hkr.se.
In the event of uncertainty- or suspicion of fraudulent or harmful content received via e-mail, the university's IT department should be consulted before the content is opened.
In cases of non-compliance with the aformentioned rules and regulations, or if it's otherwise deemed necessary from a security point of view, the university reserves the right to block and restrict access to students' e-mail accounts.
3.3.5 AI Services (Artificial Intelligence)
The following applies to the use of AI services, regardless if these services are supplied by the university or a third party.
AI services come in multiple different variants. It could be a chat robot ("Chat bot") that the user is asking questions, or assigns tasks to perform. ChatGPT and Copilot are examples of this kind of Chat bots, but there are many other services similar to these.
Other examples of AI services are digital assistants used in smart phones or cars, such as "Siri", "Bixby", "Alexa" and so on.
Information security is especially important as AI services by their very nature function and expands by collecting basically all the data they come into contact with, including data that the user provides (for example, a question to an AI-based chatbot).
When using AI services, it is not permitted to transfer or provide the service with personal data (for example through a "question"). It is therefore not permitted to sort a participant list through an AI service, as this would mean that existing personal data is transferred to the service provider (which would mean a breach personal data).
Only when using AI services for university related purposes, is it permitted to register a user account with an e-mail address from the university.
When using AI services, the university does not provide any user support or technical support.
It is the user themself who is responsible for deciding on the accuracy of the information provided by the AI service.
3.3.5.1 AI services in teaching and examination
It is up to the examiner to decide, and to be clear whether/when AI services may be used by the students. Suspicions of unauthorized use of AI services (for instance: plagiarism) during examinations are handled according to the university's set procedure for disciplinary matters.
In cases where teachers or examiners encourage students to use AI services, they are responsible for ensuring that students are informed of these guidelines.
3.3.6 Printing and Copying Machines
Students are given a free starting sum in the form of print credits. When these are exhausted, students must purchase additional print credits from the university in order to use the print resources.
Printouts and papers may contain sensitive information and should be handled accordingly.
Printing can be done through the networked printing system (PullPrint / collect at any printer) and in some cases via direct printing.
When sensitive data is printed, this must be done through the networked printing system (PullPrint), which requires logon and physical presence at the printer before the document is printing.
It is not allowed to share- and/or borrow login credentials or RFID access cards to other people.