1. Security at HiOA
- 1.1. Peace, order and threatening situations
- 1.2. Emergency preparedness
- 1.3. Fire
- 1.4. Physically securing HiOA's premises
- 1.5. Reporting criminal offences
- 1.6. Security incidents and breaches
- 1.7. Duty of confidentiality and declaration of confidentiality
2. Processing information at HiOA
- 2.1. What must be protected?
- 2.2. Storing and sharing data
- 2.3. Sharing and online social behaviour
- 2.4. Who owns the information and the results?
- 2.5. Processing of sensitive information
- 2.6. Personal data and data protection
- 2.7. Processing of information stored in cloud computing services
- 2.8. Mobile equipment, apps and wireless networks
- 2.9. E-mail
- 2.10. Bulk e-mail
- 2.11. Calendars
- 2.12. Deleting and shredding
- 2.13. Printouts and paper documents
- 2.14. Fraud and misuse of information
- 2.15. HiOA's IT systems and computer networks
- 2.16. User names and passwords
- 2.17. Remote access to HiOA's systems
- 2.18. Connecting with private equipment from HiOA's premises
Security at HiOA
- Peace and order shall be maintained in the working and study premises. Everyone shall feel safe at HiOA. Aggressive or threatening behaviour is not acceptable. If you end up in a threatening situation:
- Keep calm without provoking. If the situation escalates, withdraw from the situation.
- If you need assistance from a security guard, call 40 911 000.
- In case of serious violent and threatening situations, notify the police immediately by calling 112.
- HiOA would like to know about these situations also after they have happened. Please notify HiOA by sending an e-mail to email@example.com.
- In the event of serious incidents where you need emergency assistance, call: FIRE 110 – POLICE 112 – AMBULANCE 113. State your location (building, floor level, street address). Follow the instructions given by the emergency service.
- Notify HiOA's Emergency Preparedness Unit in the event of serious incidents or situations that may escalate. Call 40 911 000 (24 hours).
- For emergency assistance abroad in the event of serious incidents, call the local emergency number (Store it in your telephone before starting your journey).
- If you need assistance abroad, call the Norwegian Church Abroad emergency phone number: +47 95 11 91 81. The Church has agreed to assist HiOA students and staff in emergencies. (You can download an app with the Norwegian Church Abroad's emergency phone number before travelling).
When the alarm sounds, you must:
- close all windows and doors in your area.
- follow the instructions given by the floor manager, superior, and/or the fire department.
- leave the building through the nearest emergency exit and proceed to the meeting point.
If you discover a fire, you must:
- alert everyone in the area, set off the fire alarm, and call 110
- rescue people who need help to evacuate the building
- extinguish the fire if you are able to
- evacuate via the nearest emergency exit
You must help prevent fires:
The use of candles and open flames is prohibited. This also applies to flares on the outside of buildings. The only exception applies to serviced areas: Fyrhuset café, Festsalen in Pilestredet 52, and laboratory areas that are approved for this purpose. For large events at Kjeller Campus or for special occasions such as ceremonies to mark a death, permission to use candles may be applied for by contacting firstname.lastname@example.org.
- Electrical equipment:
- Coffee makers/kettles must only be used with fixed timers.
- Waffle irons, toasters, hobs, microwave ovens and other equipment must not be used without special permission from the Head of Physical Safety and Fire Prevention (contact email@example.com).
- Extra heaters must not be used. If you want to raise the temperature in a room, contact firstname.lastname@example.org
- You must not cover or disconnect fire alarms, fire detectors or sprinkler systems.
- Keep escape routes free of clutter – avoid storing anything in or by designated escape routes.
- The use of door wedges, etc. to keep doors open is prohibited, because this will prevent them from automatically closing in the event of fire. Closed doors prevent smoke and fire from spreading.
- If you discover matters affecting fire safety, contact email@example.com.
- You are required to complete this e-learning course about fire prevention as soon as possible after joining HiOA.
Gathering place in case of fire at campus Pilestredet
Gathering place no. 1: Pilestredet 44, 46, 48, 50, 52 and Fyrhuset
Gathering place no. 2: Falbesgate 5 og 18
Gathering place no. 3: Holbergs terrasse, Stensberggata 25, 29 and Pilestredet 40
Gathering place no. 4: Pilestredet park 33
Gathering place no. 5: Pilestredet park 35
Gathering place no. 5 og 7: Pilestredet 32
Gathering place no. 6, 8 og 9: Pilestredet 35
Gathering place no. 10: Wergelandsveien 27
- If you need to contact a security guard, call 40 911 000.
- Admission cards/student ID cards are personal and must not be lent to others. Your code must be stored separately from the card. Always carry the card when on HiOA's premises.
- Do not permit people access to locked areas if you do not know that they are permitted to have access.
- Latched doors must normally be kept closed and must always be closed before you leave at the end of the day. For fire safety reasons, door wedges, etc. must never be used to hold doors open. Windows must always be closed before you leave at the end of the day and when the premises are left empty during daytime.
- If you lose your keys, immediately contact firstname.lastname@example.org. If you lose your admission card, immediately order a new one by using BitAdmin and the old card will be deactivated.
- Documents or equipment containing sensitive information should be locked away and not be left accessible in HiOA's premises when not in use. This also applies to offices that are locked.
- Take good care of equipment/items that might be attractive to steal. Do not leave such objects unattended in public areas or classrooms. Remember that equipment may also contain information that you would not want to lose or let others have access to.
- When you leave/are no longer an active student, your admission card will be deactivated. You must return keys to the reception in P46 (Pilestredet Campus) or at the reception at Kjeller Campus. You must return any equipment borrowed from HiOA. IT equipment must be returned to IT User Support (BIT).
- You are solely responsible for reporting thefts of and criminal damage to your property on HiOA's premises.
- All cases of burglary, theft, and vandalism perpetrated against HiOA property will be reported.
- We want to be notified of all criminal offences committed on HiOA's premises. If you become aware of such cases, notify email@example.com. If your report contains sensitive information, please do not send this information in an e-mail. Ask for an appointment with HiOA’s contact person for the police.
If you have questions or know something that can be significant for the safety at HiOA, please send an e-mail to firstname.lastname@example.org. E-mails are only processed during office hours. NB! Do not send sensitive information in an e-mail. Ask for a meeting instead
- Everyone who signs the declaration of confidentiality is obligated to make themselves familiar with what this entails.
- The person responsible for the research project /practical training or immediate superiors must ensure that the necessary confidentiality agreements are signed and filed.
- The duty of confidentiality also applies after you leave HiOA.
Processing information at HiOA
- You must have an awareness of the value of the information you process.
- You must know whether any legal requirements apply to the information you process, and you must comply with such requirements.
- You must reduce the risk associated with the information you process to an acceptable level.
- You must know where you store the information and that it is sufficiently secured relative to its value.
- You must know who you share the information with and that they are authorised to share the content.
- Employees must register and store all information that is subject to case processing and that has documentary value in HiOA's official document management system (Public360).
- In accordance with Norwegian law, you may not post confidential information, personal data without consent, material protected by copyright without permission, defamatory accusations, racist remarks, or threats or representations of sexual abuse of children.
- Be conscious of when you are acting as a private individual and when you are acting on behalf of HiOA. You should also keep in mind that your different roles will nonetheless be associated with you as an individual and that in practice it may be difficult for you and others to distinguish between these roles. For example, a future employer will not distinguish between your different roles as a private individual, a student or an employee.
- There is no "inner circle" in social media. Show extreme caution when referring to students, teachers, colleagues, superiors, internal affairs or external partners, or when referring to deaths, accidents or criminal cases before they are made public.
- Act in accordance with general rules for good manners, accountability, and academic integrity. For example, use citations whenever relevant. Do not post emotionally!
- If material posted on behalf of HiOA is done so illegally or if it might damage HiOA's reputation, contact email@example.com for help on how to deal with it.
- You must not copy personal data or sensitive information that is collected or produced through your studies or work at HiOA unless this has been cleared with the programme coordinator/immediate superior and a written agreement has been signed stating how it should be stored, used, and deleted.
- Material protected by copyright may only be used, made available and distributed under an agreement with the licensee.
- Software subject to licence restrictions is distributed or installed by the Department of ICT.
- Questions of ownership of information may be regulated by law, be determined by an agreement, or assessed based on what assignments you have had at HiOA and what investments HiOA has made.
- You may not use information belonging to HiOA for private commercial purposes unless HiOA has signed an agreement transferring the rights for commercial purposes.
- Before you leave HiOA and your user account is deleted, you are personally responsible for removing information that belongs to you. Transfer HiOA's information to the right location (archive, project, superior).
- The information asset owner at HiOA must ensure that the information is correctly processed according to its value and in compliance with laws and regulations.
Information belonging to HiOA that is highly sensitive must not:
- be stored on private equipment
- be stored unencrypted (on memory sticks and external hard drives)
- be stored on telephones or tablets
- be stored unencrypted on laptops
- be processed on computers that are connected to the internet unless it is for connecting with systems that are secured specifically for processing sensitive information
- stored on mobile equipment
- be posted on the internet
- be transmitted via unencrypted e-mail
Sensitive information must be deleted before discarding or repairing storage media and is subject to the duty of confidentiality.
- All personal data must be processed with caution, while sensitive personal data must be processed according to highly restrictive rules.
- If you process personal data in connection with your studies or research or in other job contexts, your teacher/project manager/superior must provide you with the necessary training.
- You are personally responsible for ensuring that you process personal data in accordance with the current procedures that apply for the data you are processing. If you have any questions, ask your teacher/project manager/superior.
- Be conscious of what information you post about yourself on the internet and in social media. Ask permission before posting information about others, including pictures.
- Never use someone else's identity; to do so is illegal, regardless of the medium used.
- Sensitive information must not be stored in a cloud storage service.
- Use of cloud services in connection with studies or work is done so on personal initiative and responsibility.
- As a general rule, sensitive information may not be processed on mobile devices or via wireless networks.
- Show caution when using open wireless networks, as everything you transmit, including user name and password, is easy to monitor.
- Assess apps before installing them, and remove the ones you do not use. Be aware of what you give apps access to. You should realise that apps may gather information from your device without asking or informing you.
- Employees who synchronise HiOA e-mail/calendars with mobile devices must use a PIN code containing at least six digits to unlock the mobile device.
- All students and employees have a personal e-mail address: firstname.lastname@example.org / first email@example.com. This address shall mainly be used in connection with correspondence related to studies/work.
- Sensitive information must not be sent by e-mail. Consider other alternatives.
- Employees must register and store all e-mails that either contain documentary evidence of decisions made on behalf of HiOA or have documentary value in HiOA's official document management system (Public360).
- Bulk e-mail must only be used for dissemination of academic or administrative information that is relevant for the recipients on the address list. It must not be used for the purposes of exchanging opinions, marketing, or buying/selling. Private/social e-mail communication, invitations, events, etc. may be distributed via bulk e-mail if an event is relevant for the recipients on the address list.
- Avoid entering private or sensitive information in calendars or as attachments. Such entries can be read by others.
- Before equipment/media are sent for repair, handed over to others or discarded, all sensitive information must be deleted using the proper deletion software. The computer's regular deletion function is inadequate. Equipment must be returned to BIT for disposal or reinstallation.
- If the equipment you return to BIT contains internal or sensitive information, you must always indicate this on the form that must be completed when returning the equipment. BIT will then delete such information in a proper manner before discarding the equipment. Memory cards and memory sticks including internal or sensitive information must be handed over to BIT for destruction if they are not to be used by the exact same person(s).
- Sensitive paper documents must always be destroyed in a shredder or be put in the plastic containers with padlocks, marked with "Norsk Gjenvinning og sikkerhetsmakulering" (Norwegian Recycling and Secure Shredding). These are located at different locations around the campuses.
- When you leave HiOA, your e-mail account and any information stored on HiOA’s home server will be deleted. You must make your own copies if you want to keep this information.
- Sensitive paper documents must be securely locked away when you leave the office.
- Paper documents containing sensitive information must not be disposed of in trash cans.
- Only print documents if necessary, and collect your printouts immediately.
Be conscious of what information you possess that could be misused by others. Apply sound scepticism, and be conscious of the different ways you may be tricked (e.g. by phishing, social manipulation, identity theft, and malware).
- HiOA's IT systems shall mainly be used for purposes of study, teaching, research, administration or organisational work for associations that are relevant to studies or work.
- The IT systems must not be used in ways that generate expenses for HiOA unless expressly agreed in writing in advance.
- You must always read your e-mail to make sure you catch important messages. Students are expected to keep updated on information published in Studentweb and Fronter.
- Never give anyone your password, and never log onto HiOA's systems using other people's password.
- If someone knows your password, you must change it.
- The password you use at HiOA must never be used elsewhere, e.g. on Facebook or Gmail.
- Create passwords that are easy to remember and hard to guess.
- Always lock your computer or log off when leaving it in a room where others have access to it, even if you are just popping out for a few minutes.
- Remote access to HiOA's system must only occur via the security solutions provided by BIT.
- Remote access must only be activated from trusted machines (equipment owned by HiOA or personal equipment which only you use and control). You must not activate connections from random machines in internet cafés, hotel lobbies, etc.
- Do not leave your computer unlocked when you are logged on, and log off when you are inactive.
- Equipment owned by HiOA must not be used by others, such as family members.
- Central administrative systems must only be used from equipment owned by HiOA and in accordance with HiOA's guidelines for using the systems.
- Avoid enabling people around you to view your screen.
Connecting to the network: As a general rule, you must connect to the wireless network, Eduroam. Network cables are available in classrooms for connecting private equipment. Connecting private equipment to cabled networks is not permitted in other rooms. If cable connection is necessary in special circumstances, such as during conferences, etc., contact firstname.lastname@example.org.
Installations in the network: You may not set up separate installations in the network (such as a separate server or wireless base station). The Department of ICT is notified of abnormal use of the network. If you require additional services in the network, send a request to email@example.com.
Requirements for private equipment: Private equipment must be installed with the latest security updates and antivirus software. Laptops must have their firewall enabled. File-sharing programmes such as BitTorrent must be turned off. Exemptions may be granted by applying to firstname.lastname@example.org.
IP address: Use the IP address that is automatically generated by HiOA. Use the standard settings and do not set a fixed IP address.