Rules of using Riveria’s information network and information systems

Review the rules of use carefully.

1. Rules and principles of use

The rules of using the information network and systems of North Karelia Municipal Education and Training Consortium Riveria (hereinafter referred to as “Riveria”) apply to Riveria’s students, personnel and other users authorised to use Riveria’s information network and information systems.

Riveria offers its students and staff a reliable information network and systems that can be used in a flexible and secure manner. The aim is to maintain the confidentiality, integrity and availability of information. This requires that users comply with and accept these rules of use.

The main principles guiding use are:

Appropriate use is possible for all users

  • Harm or damage must not be caused to other users
  • Privacy must be protected
  • The access right granted by Riveria is personal
  • The user is liable for all use of their credentials

2. Access right and user credentials

The access right to Riveria’s network services becomes valid after the user has received a personal username and accepted these rules of use. The user agrees to comply with the educational institution’s valid guidelines and rules for the use of IT services.

The user is responsible for the granted user credentials and their passwords, and takes care of changing the password as instructed by Riveria. Usernames and passwords must not be handed over to anyone else. When a workstation is left without the user’s supervision, the user must log out or lock the terminal to pre-vent the unauthorised use of the workstation.

The access right is valid:

  • from the beginning to the end of employment or studies.
  • until separate access right agreement expires.
  • the user’s position changes so that there are no longer rights for the access right.

The user must personally take care of transferring and deleting any data they own before the expiry of the access right. Employees’ usernames are automatically locked 7 days after the expiry of access right and students’ immediately after the expiry of study rights.

3. User’s responsibility for information security and data protection

All information system users are responsible for the overall security, information security and data protec-tion of Riveria’s information systems and data contained therein for their own part.

  • Unauthorised retrieval of data in the information systems or attempt thereof is prohibited. For ex-ample, retrieving and reading data and files belonging to another user is only permitted if the user has consciously published them to the other users of the system.
  • If a user accidentally receives data addressed or belonging to someone else, its use, storage and distribution is prohibited. The administrators of the system and the user concerned must be in-formed of the event.
  • The access right must not be used for looking for information security gaps, unauthorised decryp-tion, eavesdropping or altering data communications or breaking into other systems, directories or services. Any security flows observed by the user must be immediately reported to system admin-istrators.
  • Harassing other users in the information system or using the system in a way that interferes with operation, such as burdening the computers or network capacity in a way that prevents others from using it, is prohibited. In addition, prohibited activities include port scanning, online gaming, use of P2P network software and sending and distributing chain letters, advertisements, viruses and malware.
  • The use of Riveria’s information network, information systems and user credentials for political, re-ligious, ideological, immoral or commercial non-Riveria activity is prohibited.

4. Misuse and its consequences

A person acting in violation of general legislation and these usage rules or can be justifiably suspected of a breach of information security or data protection may lose their access rights or have them restricted. A warning or a reprimand may also be issued.
 
Riveria’s own investigation and restriction measures are primarily applied to cases of misuse of information systems and information networks. The administrators will investigate every suspected case of misuse.

Consequences of misuse:

  • Depending on the type of misuse, the user may be issued a warning or a reprimand, restrictions of use or a temporary ban.
  • If the misuse is severe, causes financial losses or a crime is suspected, the matter will be forwarded to the police.
  • Misuses by employees will be handled in accordance with the Employment Contracts Act.
  • Breaches of usage rules by students will be handled in accordance with the disciplinary process.
  • Decisions issued on disciplinary matters can be appealed against.
  • Those guilty of misuse can be made liable for damages.

5. Supervision and administration

Each information system has a designated system administrator, their back-up and a person with technical responsibility, who are responsible for the use of the system and preparing its instructions for use. Riveria’s information management is responsible for hardware, the information network and information systems, with the exception of information systems provided by third parties.

In order to carry out their duties, the administrators of Riveria’s information management are authorised to supervise and restrict the use of information systems, if this is required to handle an incident in the system or there is reason to suspect misuse concerning the use of the system or criminal activity. In this case, the administrator can review or otherwise intervene in users’ files and network traffic without the user’s permission, and, if necessary, copy, transfer, delete or read data on computers or network drives. If the connections are overloaded or their use causes security risks, the administrators can restrict data traffic.

Log data

Riveria’s information systems store log data concerning users’ actions in the system. The log files are absolutely required when investigating errors or misuse.  The monitoring of logs by information management is process- and hardware-oriented, and individual users’ activity is not monitored under normal circumstances. Log data can be transmitted to law enforcement authorities for investigations when suspecting a crime or to a service provider when preventing or aiming to protect against a data breach or other unauthorised use.

The administrators are under an obligation of secrecy and confidentiality regarding all personal data on computers and the information network. If necessary, the administrators may use remote management in the administration of workstations.

Administration of the rules

These usage rules are updated as necessary due to changes in Riveria’s information management services or legislation. The IT manager and those responsible for information security and data protection are responsible for updates and regularly monitoring of the need for updates. The up-to-date version will be distributed to the personnel on the intranet and to students via Wilma.

Employees’ notifications of errors, misuse and enquiries should be sent to helpdesk@riveria.fi or by calling +358 (0)13 244 2010. Information security and data protection incidents are reported by using the security incident observation form in the Intra shortcuts. Students’ contacts with information management take place through tutors.

IT manager 1 July 2022