IT security rules for students

The following rules apply to all DTU students, including continuing education students and students at DTU Adgangskursus.

Purpose of the IT security rules
In drawing up its IT security rules, DTU wants to establish a framework for maintaining a stable and well-functioning IT system with minimal disruption to operations while simultaneously protecting user privacy, email privacy, and personal data as stipulated by law. The Executive Board has issued the guidelines in cooperation with the IT function.

DTU’s rules for students on the use of DTU's systems are to make sure that DTU does not experience:

  • Unauthorized use of DTU’s IT systems
  • Illegal use and copying of software and data
  • Breach of confidentiality, i.e. unauthorized persons gaining unauthorized access to data
  • Data corruption, i.e. unintentional deletion or modification of data
  • Operational disruptions, i.e. the use of DTU’s IT systems in a manner that prevents normal operation or leads to unwanted use of resources.

Who is subject to the IT security rules?
The rules apply to all students who use DTU’s systems or networks, whether at DTU or accessing DTU’s systems from outside. All users of DTU’s systems must keep themselves informed about the applicable rules at all times.  Questions about IT use or problems can be emailed to AIT at itsupport@student.dtu.dk. Help can also be given if students use Helpdesk in the DTU Library at Lyngby campus.

User IDs and passwords
The assigned user ID is strictly personal and must only be used by the person it is issued to.

The corresponding password is personal and strictly private, and it must not be disclosed to anybody else. If you suspect that your account has been compromised, you must force a password change.

If you suspect your username/password has been misused by others, you must report it immediately to AIT via e-mail at itsupport@student.dtu.dk.

Copying and protecting data and software
DTU has purchased software licenses for the IT systems, which are available to DTU's students. The programmes must not be used in a way that violates the licensing terms, which vary for the different software packages. The specific rules are available by contacting your local IT support for the relevant licensed programme/system and will, in so far as possible, be published on the website where the software is downloaded.

Generally, the software must not be copied or installed on equipment not belonging to DTU. That also applies even though copying the software without breaking DTU’s security system is technically possible. That is only permissible if it is specifically stated that this is legal or after obtaining prior approval from the local IT support (alternatively, the AIT ServiceDesk).

Data and software in other users’ data fields must be considered their private property. Attempting to access such data without prior agreement with the data owner is prohibited. That also applies even though data can be accessed without breaking DTU’s security system.

Rules for using DTU’s IT systems and external systems or services that DTU may provide access to.

  • All IT resources in the form of computers, servers, licenses, printers, disk space, network traffic, etc., must only be used for study-related purposes. If a project includes personal data, the data must be processed following applicable legislation. Read more at DTU Inside under ’Students' use of data’.
     
  • DTU’s IT systems must not be used for your own commercial purposes or the purposes of others. Almost all of DTU's systems and programs are only allowed to be used in connection to research or teaching. 
     
  • The use of DTU’s IT systems must not violate Danish legislation.
     
  • It is not permitted to publish defamatory or generally offensive material.
     
  • The use of DTU’s IT systems must not damage DTU’s reputation.
     
  • Copyright rules must be observed. For example, DTU’s network and servers must not be used to share copyrighted material in a way that does not comply with the applicable rules.
     
  • It is not permitted to overload IT systems unnecessarily, for example, through excessive disk usage, computer power, and network traffic, without prior agreement with the local IT support (alternatively, the AIT Service desk).
     
  • All users are allocated a disk quota that must not be exceeded. Excessive use may result in files being deleted at any time to keep the total disk usage within the quota. Unused quotas may not be transferred to other users. DTU makes backup copies of user files to a limited extent.
     
  • It is not permitted to disconnect or refrain from using any installed security software (antivirus, etc.).
     
  • DTU reserves the right to examine the content of data and software on user areas in connection with operational disturbances, suspected unlawful acts, or rule violations.
     
  • Please note that DTU collects and registers information on the use of DTU’s IT systems and networks (logging). The collection of information happens primarily with a view to fixing errors and capacity planning. Still, it can also be used as part of investigations regarding violations of the present set of rules. Further, according to Danish law, the information can also be passed on to relevant authorities. Information collected by DTU will only be used and passed on anonymized (statistically) unless it relates to an abuse investigation.

Procedure in the event of violations of the IT security rules
If suspicion occurs regarding breaches of the IT security rules or rules regarding personal data, it must be reported to the Office for Study Programmes and Student Affairs via AUS-Sekretariat@dtu.dk.

Violation may cause disciplinary sanctions for the student. See DTU Inside under ‘Study rules'/'Disciplinary measures towards students’.

Following a consultation procedure with the student and other relevant parties suspected of violating the rules, the Office for Study Programmes and Student Affairs decides on the matter. If the student maintains that the decision contains legal discrepancies, the student can appeal to the dean of the relevant study programme within two weeks of receiving the decision.

https://studieinformation.dtu.dk/english/rules/leave-change-of-study-programme/it-security-rules-for-students
21 JULY 2024