IT security rules for students

The following rules apply to all students at DTU, also for students in continuing education, and at DTU Adgangskursus.

Purpose of the IT security rules
In drawing up its IT security rules, DTU wants to establish a framework for maintaining a stable and well-functioning IT system with minimal disruption to operations while simultaneously protecting user privacy, email privacy, and personal data as stipulated by law. The Executive Board has issued the guidelines in cooperation with the IT function.

DTU’s rules for students on the use of DTU's systems are to make sure that DTU does not experience:

  • Unauthorized use of DTU’s IT systems
  • Illegal use and copying of software and data
  • Breach of confidentiality, i.e. unauthorized persons gaining unauthorized access to data
  • Data corruption, i.e. unintentional deletion or modification of data
  • Operational disruptions, i.e. the use of DTU’s IT systems in a manner that prevents normal operation or leads to unwanted use of resources.

Who is subject to the IT security rules?
The rules apply to all students who use DTU’s systems or networks, whether at DTU or accessing DTU’s systems from outside. All users of DTU’s systems must keep themselves informed about the applicable rules at all times.  Questions about IT use or problems can be emailed to AIT at itsupport@student.dtu.dk. Help can also be given if students use Helpdesk in the DTU Library at Lyngby campus.

User IDs and passwords
The assigned user ID is strictly personal and must only be used by the person to whom it is issued.

The corresponding password is personal and strictly private and must not be disclosed to anybody else. You must force a password change if you suspect that your account has been compromised.

If you suspect your username/password has been misused by others, it must be reported immediately to AIT via e-mail itsupport@student.dtu.dk.

Copying and protecting data and software
DTU has purchased software licenses for the IT systems, which are available to DTU's students. The programmes must not be used in a way that violates the licensing terms. The licensing terms vary for the different software packages. The specific rules are available by contacting your local IT support for the relevant licensed programme/system and will, in so far as possible, be published on the website where the software is downloaded.

As a general rule, the software must not be copied or installed on equipment that does not belong to DTU. That also applies even though copying the software without breaking DTU’s security system is technically possible. That is only permissible if it is specifically stated that this is legal or after obtaining prior approval from the local IT support (alternatively, the AIT ServiceDesk).

Data and software in other users’ data fields must be considered their private property. Attempting to access such data without prior agreement with the data owner is not permitted. That also applies even though data can be accessed without breaking DTU’s security system.

Rules for using DTU’s IT systems as well as external systems or services that DTU may provide access to.

  • All IT resources in the form of computers, servers, licenses, printers, disk space, network traffic, etc. must only be used for study-related purposes. If a project includes personal data, the data must be processed following applicable legislation. Read more at DTU Inside under ’Students' use of data’.
     
  • DTU’s IT systems must not be used for your own commercial purposes or the purposes of others. Almost all of DTU's systems and programs are only allowed to be used in connection to research or teaching. 
     
  • The use of DTU’s IT systems must not violate Danish legislation.
     
  • It is not permitted to publish defamatory or generally offensive material.
     
  • The use of DTU’s IT systems must not damage DTU’s reputation.
     
  • Copyright rules must be observed. For example, DTU’s network and servers must not be used for sharing copyrighted material in a way that does not comply with the applicable rules.
     
  • It is not permitted to overload IT systems unnecessarily, for example, through excessive disk usage, computer power, and network traffic, without prior agreement with the local IT support (alternatively, the AIT Service desk).
     
  • All users are allocated a disk quota that must not be exceeded. Excessive use may result in files being deleted at any time to keep the total disk usage within the quota. Unused quotas may not be transferred to other users. DTU makes backup copies of user files to a limited extent.
     
  • It is not permitted to disconnect or refrain from using any security software which is installed (antivirus, etc.).
     
  • DTU reserves the right to examine the content of data and software on user areas in connection with operational disturbances, suspected unlawful acts, or rules violations.
     
  • Please note that DTU collects and registers information on the use of DTU’s IT systems and networks (logging). The collection of information happens primarily with a view to fixing errors and capacity planning. Still, it can also be used as part of investigations regarding violations of the present set of rules. Further, the information can also be passed on to relevant authorities according to Danish law. Information collected by DTU will only be used and passed on anonymized (statistically) unless they relate to an investigation of abuse.

Procedure in the event of violations of the IT security rules
If suspicion occurs regarding breaches of the IT security rules or rules regarding personal data, it must be reported to the Office for Study Programmes and Student Affairs via AUS-Sekretariat@dtu.dk.

Violation may cause disciplinary sanctions for the student. See DTU Inside under ‘Study rules'/'Disciplinary measures towards students’.

Following a consultation procedure with the student and other relevant parties suspected of violating the rules, the Office for Study Programmes and Student Affairs decides on the matter. If the student maintains that there are legal discrepancies in the decision, the student can appeal to the dean of the relevant study programme within two weeks of receiving the decision.