User rules of the IT departments of Trier University of Applied Sciences

1. Words indicating one gender include all genders.
2. The IT-Departments of the "Trier University of Applied Sciences" are facilities belonging to the "Trier University of Applied Sciences" under the responsibility of the president. The organizational regulations of the IT-departments in its current terms of 29.04.2015 require in §3, article 2 the details of usage to be regulated by user rules.
3. The IT-departments perform publicly accessible and licensing requiring services. The usage of a service that requires licensing is defined as the utilization of the IT-department, the person who uses a service is defined as the user. The usage of services being accessible publicly does not apply as utilization within the meaning of these user rules.

1. Members according to §36 HochSchG as well as honorary professors, lecturers, and scientific assistants (§§ 62 – 64) while performing job-related tasks or during their studies,
2. members and facilities of other state universities/schools or state funded research institutes, based on existing agreements with "Trier University of Applied Science",
3. any other natural or legal persons, who, as guests or co-operation partners of "Trier University of Applied Sciences", use IT resources or services within capacities which are not exhausted by the users according to (1) and (2).

1. The utilization of access restricted IT-services provided by the IT-departments happens by the allocation of an individual user ID, which will be provided by the IT-departments. Students, as well as employees of the "Trier University of Applied Sciences" automatically receive a user-ID at the beginning of their studies or their recruitment. The user is fully responsible for any use of services made through his account.
2. For students the usage authorization ends with the de-registration. The account will be deactivated after the user has been contacted by personnel of the IT-department and given some time as a grace period.
3. For employees of the "Trier University of Applied Sciences" the usage authorization ends when the employment relationship has ended. Decisions about further usage of business data will be made by the responsible supervisor.
4. Other users, applying for special agreements, such as above-mentioned (§2, article 3) receive an authorization which is generally temporary and based on the existing agreement with the "Trier University of Applied Sciences". In case of extension or reduction of the employment, the responsible IT-department has to be informed immediately.
5. Students receive the information about their user authorization along with their enrolment certificate in the mail or can pick it up at the student registration office. Due to privacy guidelines, employees will be handed out their information about their user authorization including user-ID, personal password, and the receipt of these user rules, only in person and on receipt of a written confirmation.

1. The workspaces of the IT-departments are open for the public during general opening hours and office hours.
2. Arrangements for access to the workplaces out of the general opening hours will be released on the website of the particular IT-department.
3. You are to recognize and follow the opening and office hours published by the IT-departments.
4. If using workspaces of the IT-departments out of office hours, instructions given by the personnel of the security company have to be followed.
5. Before using a single computer or whole workspace of the IT-department, eventual reservations of workspaces for courses have to be checked and respected. Corresponding notices are located at the entrances to the workspaces.

a) to acquire the necessary skills to be able to use the IT-systems and services offered by the IT-departments correctly;

b) to follow the terms of use and to not obstruct or affect other users while using the available workspaces of the IT-departments;

c) to use the given user-ID exclusively for himself/herself in accordance to work-related purposes or studies for the “Trier University of Applied Science” and/or cooperating organisations and institutions;

d) to prevent potential abuse of his or her user-ID, more particularly not to share the own password with third parties and to choose an appropriate password, which is not easy to be guessed;

e) to protect personal programs and data of abuse by making use of the defence mechanisms of the particular system;

f) to ensure either by oneself or with help of a responsible supervisor that every used computer within the IT-department is updated to the latest available version of the particularly used system, including an activated and constantly updated virus protection as well as all security-related updates and patches being installed;

g) to appropriately use every issued device, system, medium, or facility within the IT-departments and to leave the workspace clean and organised;

h) to treat other users with respect and to treat the available resources of the IT-department with consciousness;

i) to immediately report any issues, damages and problems with any device, system, medium, or facility within the IT-departments;

j) to follow instructions of the responsible employees of the IT-departments while using the workspaces and facilities;

k) to follow the terms of use while using software, documentaries, and other data, being under legal requirements, especially copyright and data protection and to respect license terms and conditions under which software, documentaries, and other data are released by the IT-department;

l) to coordinate intentions of editing personal data with the responsible system operater beforehand. Excluding obligations occurring as a result of the regulations of the data protection law;

m) to follow the applicable law, especially applicable terms of the criminal law;

n) not to disturb courses taking place in the workspaces of the IT-departments or impede them by blocking resources (cf. §4 bullet number 5);

o) not to install third-party software on any computer of the IT-department without approval of the responsible supervisor;

p) to never access services offered by the IT-department by using another user-ID besides the user-ID uniquely assigned to him or her;

q) not to attempt to gain unauthorised access to protected, encrypted or not publicly accessible data;

r) not to use protected, encrypted or not publicly accessible data, to which he or she accidently gained access to, neither for him or herself, nor to pass it on (for example transferring licensed software to a personal computer);

s) not to attempt any repair work on its own due to any issues, damages and problems with any device, system, medium, or facility within the IT-departments;

t) not to eat, drink (excludes clear water), or smoke while staying in the facilities or making use of workspaces provided by the IT-department.

a) Spying out other passwords or personal data (§202 StGB);

b) Unauthorised changing, deleting, supressing, or disabling of data (§303 StGB);

c) Computer sabotage (§303 StGB) or computer fraud (§263 StGB);

d) Promoting the distribution of propaganda of unconstitutional organisations (§86 StGB) or racist ideas (§131 StGB);

e) Spreading or receiving documents of pornographic content (§184, article 3 and article 5 StGB);

f) Receiving or being in possession of documents including child pornography (§184, article 5 StGB);

g) Defamation like libel or slander (§§ 185 ff. StGB).

a) Every member of the “Trier University of Applied Sciences” is eligible to demand an IT-device, being used for work-related tasks or studies as well as research and administration, getting connected to the IT-Network of the “Trier University of Applied Sciences”. The connection of this IT-device will be performed by the IT-departments based on available possibilities and state-of-the-art standards.

b) In case of the device not being administrated by the IT-departments, the user has to take care that the device that is getting connected has all required hardware, software and security systems installed. The IT-departments give recommendations and help in the selection of appropriate components.

c) The administrative data received with the connection (such as IP-address, computer name, network masks etc.) of a device are to be treated as the user ID. In particular, the administrative data is only to be changed upon approval by the IT-departments.

a) In accordance with state-of-the-art technology, the administrator of a terminal device has to guarantee that the connection of the device to the network can´t cause danger or damage to other network participants or devices connected to the network. The user is obliged to keep the operating system software as well as anti-virus software up to date at any time.

b) The provider of a terminal device has to ensure that only authorized individuals make use of the network services available through the device and that they follow these user rules. Necessary arrangements have to be made to be able to prove if and when other individuals besides the providers made use of network services using the terminal device.

c) The IT-departments are entitled to temporary shutdown network components or remove devices from the network in consultation with the users to do tests and maintenance work and conduct troubleshooting.

d) Preserving integrity is the users’ responsibility. The IT-departments take no responsibility for the accuracy of the transferred data.

e) For the joint use of networks the respective applicable regulations and rules have to be followed.

a) to operate security systems (such as alarm systems, video recording, entrance control) in order to keep the systems, devices and facilities safe and analyse personal data and information in case of damage. Possible involvement of staff council happens according to existing service agreements;

b) to check on and analyse data and programs of the users for test purposes if company interests are touched (e.g. in case of operations disruption or reasonable suspicion of misuse), in accordance with the data protection laws;

c) to save personal data that are required in order to issue a user-ID or to offer IT-services (cf. §3, article 2 and 3);

d) to publish name, surname, field of study/department and Email-address of a user by using electronic information systems;

e) to ask users for their work, utilized programs and methods;

f) to release further user rules as well as temporary priorities or set restrictions in order to ensure optimal securing of the services offered by the IT-departments;

g) to temporary put certain IT-services out of operation due to test purposes or technical changes and improvements;

h) to withdraw the user-ID and usage authorization of IT facilities and services of users who are violating these user rules (cf. §8);

i) to develop damage and risk prevention systems, based on automated data analysis, not including systems using personalised methods (such as SPAM-categorising and anti-virus scans of emails).

a) to support the users of the services and facilities (cf. §6) of the IT-departments in consideration of the available capacities and to the best knowledge and believe. The users’ responsibility for the technical content as well as the factualand computational accuracy of the achieved results remains unaffected;

b) to operate the IT-systems in consideration of economical, technical and organizational aspects for the user in the best possible way;

c) to take organizational measures to avoid loss of data, as well as unauthorised access, use or processing of data, in particular, unauthorised access to personal data;

d) to take reasonable steps to prevent further violations of current laws or the user rules in case of violations as mentions become known;

e) to inform the affected users in time in case of interventions in the availability of IT-systems, as well as in case of use of personal data and programs;

f) to record basic processes and consequences of data-analysing methods (cf. §7 article 1i ) and to inform affected users.

In case of violation of these user rules, current law, or further rules of the Trier University of Applied Science – as far as they affect the IT-departments – disciplinary measurements can be executed, irrespective of any further considerations:

1. Issue a warning.
2. Temporary blocking of the user-ID.
3. Ban on entering the facilities of the IT-departments (exclusion order).
4. Issue the causer an invoice for costs incurred as a result of misuse.
5. Eventually reporting to the contracting authorities of the user.
6. Make a complaint.

A user affected by exclusions 1-4 as listed above, may object to the exclusion in written form at the manager of the responsible IT-department. The president decides about the objection after consulting the affected user as well as the manager of the responsible IT-department.

1. The user is liable for all damage caused deliberately while utilizing services of the IT-departments.
2. All liability of the "Trier University of Applied Sciences" and the IT-departments for damage of all kinds, that occur to the user while or because of utilizing the facilities and services of the IT-departments, is excluded. The user is obliged to exempt the "Trier University of Applied Sciences" of any claims for damage.
3. The IT-departments cannot guarantee the accuracy of results, achieved by using any services and IT-systems provided by the IT-departmen

These updated user rules, adopted by the senate committee of learning and teaching media, communication, and information supply of the Trier University of Applied Science become effective on November 18th of 2015.

Trier, November 19th 2015

The management of the Trier University of Applied Science

The IT-department of the Trier University of Applied Sciences offers users of the E-Mail service at the Trier and Idar-Oberstein locations the possibility of filtering out unwanted advertising E-Mails ("SPAM E-Mails"). Incoming E-Mails are examined by an evaluation program according to several, constantly updated criteria for the presence of characteristics of unwanted E-Mail advertising. We use multiple practices to filter SPAM in the following order:

Blacklisting: If the E-Mail originates from a SPAM distributor generally known on the Internet, the acceptance is refused. If the sending mail server is configured correctly, the sender will be informed about the undeliverability. To identify such SPAM mailing lists, we check each incoming E-Mail to see if the sender is on one of several publicly available, regularly updated lists of known SPAM mailing lists.

Greylisting: We have implemented greylisting according to the RFC 6647 guideline (https://tools.ietf.org/html/rfc6647). Most SPAM mailing lists do not meet these requirements, so their E-Mails will not be accepted. Here, too, it depends on the configuration of the sending server whether the sender is informed about the undeliverability.

Rating system: Non-rejected E-Mails are rated according to a constantly updated procedure with regard to their spam probability.  If an evaluation threshold specified in the system is exceeded, our mail server marks the respective E-Mail by prefixing the sequence "{ SPAM }" in the subject line. The E-Mails are delivered after the evaluation.

The recipient can use our Spamblock service (www.hochschule-trier.de/go/spamblock) to specify whether these E-Mails are to be stored in his regular mailbox or in a mailbox controlled by Spamblock. In the spam block mailbox, E-Mails are automatically deleted after a retention period of 9 days. Further information on the functionality of Spamblock can be found on the service's website.

Liability:
The rating programs are only an attempt at rating. Regardless of the reliability already achieved, there is always the possibility of error in individual cases. It is therefore expressly pointed out that the user himself is responsible for the further treatment of marked E-Mails. The university is not liable for the consequences of non-delivery.

Data protection:
The handling of E-Mails is fully automated. Except for the possible addition of the text sequence "{SPAM}" in the subject line, the content of the E-Mail is neither changed nor are E-Mails or parts thereof deleted by us. Data protection is therefore not compromised.

Trier, 5.1.2015

General principles:
E-Mails infected with viruses and worms pose a major threat to the information infrastructure. To protect the infrastructure, an effective and at the same time user-friendly defense is required.

In order to prevent the internal and external spread of viruses via E-Mails, all E-Mail servers administered by the IT-department check all incoming and outgoing E-Mails. All virus scanners are equipped with an automated update function, so that as soon as new viruses and worms appear, the updated protection function takes effect as soon as the software manufacturer provides an appropriate update.

Procedure:
Virus-infested E-Mails are intercepted and not forwarded! Only if an analysis of the virus/worm shows that it does not falsify the sender address is the sender automatically informed that his E-Mail has not been delivered due to virus infection.

In addition, E-Mails with attachments of the type .exe, .vbs, .pif, .scr, .bat, .com are generally not forwarded due to the high risk potential. The sender will be informed. Such files must be packed in a .zip archive before sending.

Liability:
The analysis of E-Mails for viruses and worms is only as good as the database with recognition features available to the virus scanner. Although these are updated automatically, it cannot be ruled out that due to the unavoidable delay between the occurrence of a new virus/worm and the availability of an updated database, virus-infected E-Mails may pass through the virus scanner. The virus scan of the IT-department therefore does not release the user from his duty of care in handling E-Mails. He should therefore check each E-Mail to see whether the sender is known, whether a corresponding E-Mail (with attachment if necessary) is expected and whether the text part of the E-Mail is sensibly related to the sender. The university is not liable for the erroneous or unconscious delivery of E-Mails containing viruses.

Data protection:
The checking of E-Mails for viruses or worms is fully automated and therefore harmless under data protection law. The high risk potential, however, requires an intervention in such a way that under certain circumstances parts of E-Mails or entire E-Mails are not delivered. In this respect, it cannot be ruled out that important or time-critical information may be withheld from the recipient. However, this also cannot be ruled out due to general technical problems in E-Mail traffic. It is therefore advisable anyway to secure the transfer of important or time-critical information through multiple communication (request confirmation, queries, etc.).

Trier, 5.1.2015