IT security rules for students

The following rules applies for all students at DTU, also for students at DTU Adgangskursus.

Purpose of the IT security rules
In drawing up its IT security rules, DTU wants to establish a framework for maintaining a stable and well-functioning IT system with a minimum of disruption to operations while at the same time protecting user privacy, email privacy, and personal data as stipulated by law. The guidelines have been issued by the Executive Board in cooperation with the IT function.

DTU’s rules on IT security are to make sure that DTU does not experience:

  • Unauthorized use of DTU’s IT systems
  • Illegal use and copying of software and data
  • Breach of confidentiality i.e. unauthorized persons gaining unauthorized access to data
  • Data corruption, i.e. unintentional deletion or modification of data
  • Operational disruptions, i.e. the use of DTU’s IT systems in a manner which prevents normal operation or leads to unwanted use of ressources.

Who is subject to the IT security rules?
The rules apply to all students who use DTU’s systems or networks, whether at DTU or accessing DTU’s systems from outside.All users of DTU’s systems are obliged to keep themselves informed about the applicable rules at all times.  Questions about IT use or problems can be emailed to AIT at itsupport@student.dtu.dk. Help can also be given, if students make use os Helpdesk in the DTU Library at Lyngby campus.

User IDs and passwords
The assigned user ID is strictly personal, and must only be used by the person to whom it is issued.

The corresponding password is personal and strictly private, and must not be disclosed to anybody else. If you suspect that your account has been compromised, you must force a password change.

If you suspect that your username/password has been misused by others, it must be reported immediately to AIT via e-mail itsupport@student.dtu.dk or by contacting AIT in the Helpdesk in the DTU Library at Lyngby campus.

Copying and protecting data and software
DTU has purchased software licences for the IT systems which are made available to DTU students. The programs must not be used in a way that violates the licensing terms. The licensing terms vary for the different software packages. The specific rules are available by contacting your local IT support for the relevant licensed programme/system.and will in so far as possible be published on the website where the software is downloaded.

As a general rule, the software must not be copied or installed on equipment which does not belong to DTU. This also applies even though it is technically possible to copy the software without breaking DTU’s security system. This is only permissible if it is specifically stated that this is legal or after having obtained prior approval from the local IT support (alternatively the AIT servicedesk).

Data and software in other users’ data fields must be considered their private property. It is not permitted to attempt to access such data without prior agreement with the data owner. This also applies even though data can be accessed without breaking DTU’s security system.

Rules for using DTU’s IT systems as well as external systems or services, that DTU may provide access to.

  • All IT resources in the form of computers, servers, licences, printers, disk space, network traffic, etc. must only be used for study-related purposes. If a project includes personal data, the data must be processed in accordance with applicable legislation. Read more at DTU Inside under ’Studerende som databehandlere.
     
  • DTU’s IT systems must not be used for commercial purposes.
     
  • The use of DTU’s IT systems must not violate Danish legislation, and all content must be sober.
     
  • It is not permitted to publish defamatory or generally offensive material.
     
  • The use of DTU’s IT systems must not damage DTU’s reputation.
     
  • Copyright rules must be observed. For example, DTU’s network and servers must not be used for sharing copyrighted material in a way that does not comply with the applicable rules.
     
  • It is not permitted to overload IT systems unnecessarily, for example through excessive disk usage and network traffic, without prior agreement with the local IT support (alternatively the AIT Service-desk).
     
  • All users are allocated a disk quota which must not be exceeded. Excessive use may result in files being deleted at any time to keep the total disk usage within the quota. Unused quotas may not be transferred to other users. DTU makes back-up copies of user files to a limited extent.
     
  • It is not permitted to disconnect or refrain from using any security software which is installed (antivirus, etc.).
     
  • DTU reserves the right to examine the content of data and software on user areas in connection with operational disturbances, suspected unlawful acts, or violations of the rules.
     
  • Please note, that DTU collects and registers information on the use of DTU’s IT systems and networks (logging). The collection of information happens primarily with a view to fixing errors and capacity planning but can also be used as part of investigations regarding violation of the present set of rules. Further, the information can also be passed on to relevant authorities according to Danish law. Information collected by DTU will only be used and passed on anonymized (statistically) unless they relate to an investigation of abuse.

Procedure in the event of violations of the IT security rules
If suspicion occurs regarding breaches of the IT security rules or rules regarding personal data, it must be reported to the Office for Study Programmes and Student Affairs via AUS-Sekretariat@dtu.dk.

Violation may cause disciplinary sanctions for the student. See DTU Inside under ‘Structure and Rules'/'Disciplinary measures towards students’.

Following a consultation procedure with the student and other relevant parties suspected of violating the rules, the Office for Study Programmes and Student Affairs makes a decision on the matter. If the student maintains that there are legal discrepancies in the decision, the student can appeal to the dean of the relevant study programme within two weeks of receiving the decision.

http://www.studieinformation.dtu.dk/english/rules/leave-change-of-study-programme/it-security-rules-for-students
23 SEPTEMBER 2019