====== IT Charter of the Faculty of biology and medicine (FBM)======
===== 1. Scope =====
This charter applies to all authorized users (teachers, staff, students) and all temporary users (trainees, apprentices) of the computer systems and telecommunication network belonging to the units who have signed the Membership and the support agreement of the FBM IT Platform.
===== 2. Contacts =====
The following partners are responsible for the application of this Charter:
* The Dean’s Office and the FBM IT service,
* Head of the Department / Service / Institute where the authorized or temporary user works.
===== 3. Documents and reference texts =====
The use of IT resources within the University of Lausanne is regulated by the following Internal Directives enacted by the Rectorate:
* [[https://www.unil.ch/files/live/sites/central/files/textes-leg/0-aff-gen/dir0-6-transmission-info-prot-pers3.pdf|Directive 0.6 Transmission d'informations en relation avec la protection de la personnalité]]
* [[https://www.unil.ch/files/live/sites/central/files/textes-leg/4-rech/dir4-5-donnees-rech.pdf|Directive 4.5 Traitement et gestion des données de recherche]]
* [[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-1-infra-informatiquev2.pdf|Directive 6.1 Utilisation le l'infrastructure informatique]]
* [[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-6-equip-informatique.pdf|Directive 6.6 Equipement informatique]]
* [[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-8-utilisation-listes1.pdf|Directive 6.8 Utilisation des listes électroniques de distribution]]
* [[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-9-fichiers-info3.pdf|Directive 6.9 Fichiers informatiques et protection des données personnelles]]
In addition to these texts, the user must comply with all standards relating to data protection and governing his use of the digital resources made available to him, such as:
* [[https://prestations.vd.ch/pub/blv-publication/actes/consolide/414.11?key=1583132681379&id=d058f36a-66d6-487b-820d-529dbdad74d8|Loi sur l'Université de Lausanne du 06.07.2004 (LUL)]] et [[https://prestations.vd.ch/pub/blv-publication/actes/consolide/414.11.1?key=1576140642159&id=18a7e6d2-a1b5-46b7-aa99-c9468d30f4c6|son Règlement d’application (RLUL)]]
* [[https://prestations.vd.ch/pub/blv-publication/actes/consolide/172.31.1?key=1543853921350&id=6859cebf-d400-4969-b36d-0e936886b34c|Art. 125 du règlement d’application de la loi du 12 novembre 2001 sur le personnel de l’Etat de Vaud (RLPers-VD) du 09.12.2002 (RSV 172.31.1)]]
* [[https://prestations.vd.ch/pub/blv-publication/actes/consolide/432.11?key=1563440792736&id=f09bdf70-5553-4116-b2df-82226faac73a|Loi cantonale vaudoise sur l'archivage du 14.06.2011 (LArch)]]
* [[https://prestations.vd.ch/pub/blv-publication/actes/consolide/172.65?key=1563440685420&id=cf9df545-13f7-4106-a95b-9b3ab8fa8b01|Loi cantonale vaudoise sur la protection des données personnelles du 11.09.2007 (LPrD)]] et [[https://prestations.vd.ch/pub/blv-publication/actes/consolide/172.65.1?key=1563440735744&id=be62ac0b-496b-47d0-a5ac-1d3a3aaa1760|son Règlement d’application (RLPrD)]]
* [[https://www.admin.ch/opc/fr/classified-compilation/19920153/201401010000/235.1.pdf|Loi fédérale sur la protection des données personnelles du 19.06.1992 (LPD)]]
* [[https://www.admin.ch/opc/fr/classified-compilation/19920251/201701010000/231.1.pdf|Loi fédérale sur le droit d’auteur et les droits voisins du 09.10.1992 (Loi sur le droit d’auteur, LDA)]]
* [[https://www.iso.org/fr/standard/75652.html|ISO/IEC 27002:2022 Sécurité de l'information, cybersécurité et protection de la vie privée Mesures de sécurité de l'information]]
In general, the user is required to comply with the rules and practices of the University of Lausanne, to ensure respect for morality and to use the digital means at his disposal in such a way as to safeguard the reputation of the University of Lausanne and its organs on the one hand and to guarantee the dignity of its members and third parties on the other hand
===== 4. General principle =====
- Three categories of computer equipment are considered(([[fr:administratif:reglements_et_directives:prestation_equipement_si|Annexe I: Tableau récapitulatif des prestations par type d'équipement]])) and defined as follows:
- **Private equipment**: designates any computer equipment not inventoried at UNIL which connects to the resources of the FBM. For example: the laptop of an employee or affiliate whose stays at the FBM for less than six months, a private mobile phone, etc.;
- **UNIL equipment**: designates any computer equipment inventoried at UNIL that has not been purchased through the FBM IT Service. For example: equipment moved from another institution, private laptops set to inventory, any computers linked to scientific equipment which are not managed by the FBM IT Service, etc. The owner is solely responsible for the proper functioning of this kind of equipment and the FBM IT Service only offers “best effort” support for these computers;
- **FBM equipment**: any computer equipment purchased through the FBM IT Service (desktops, laptops, computers linked to scientific equipment which are managed by the FBM IT Service, etc.) by a member or an entity of the FBM (professor, staff, student). In order to facilitate the management of the IT stock, equipment is standardized. For security purposes, access restrictions (withdraw of administrative rights) are applied and the FBM IT Service offers full support on these computers.
- For any change of rights the permission of the FBM IT Service is required. For any addition or removal of FBM equipment, the agreement of the head of department/entity manager is mandatory.
===== 5. Purchase of hardware and software and inventory management =====
==== 5.1 Purchase ====
- Any member of the FBM, regardless of his affiliation or status, willing to acquire new hardware or software, regardless of the funding source, must first consult a member of the FBM IT Service in order to define the technical specifications, the needs within UNIL’s standards, the type of software or device required (desktop, laptop, linked to scientific equipment, server, printer, etc.)(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-6-equip-informatique.pdf|Directive de la Direction 6.6 Equipements informatiques, Art. 6 Principes d'acquisition al.1]])).
- The FBM IT Service is responsible for pre-approving the order, preparing the necessary order forms and forwarding the complete request to the concerned fund manager.
==== 5.2 Inventory ====
- In order to manage IT stock at best, every FBM and UNIL equipment (desktop, laptop, computer linked to a scientific setup) is inventoried.
- The assigned UNIL inventory number must be visible on the equipment(([[https://www.unil.ch/ci/home/menuinst/catalogue-de-services/materiel-et-logiciel/inventaire-materiel-informatique.html|Règles de mise à l’inventaire du catalogue du Ci]])).
==== 5.3 Adding to the inventory ====
- Hardware ordered through the FBM IT Service is automatically added to UNIL’s inventory.
- Upon justified request, any person working for the FBM for a period of 6 months or more may ask for the inventory of his private equipment(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-6-equip-informatique.pdf|Directive de la Direction 6.6 Equipement informatique, Art. 11 Mise à l'inventaire al.1]])).
- The following criteria apply to the inventory:
- age of the equipment (less than 5 years);
- number of devices registered by the applicant (maximum 1 equipment per person);
- justification for professional use and general need (no access to a workstation, etc.).
- Each application must be signed by the head of the department/entity manager before it can be considered by the FBM IT Service.
- The FBM IT Service notifies the requests and forwards them for approval to UNIL's IT Center.
- Any private equipment added to UNIL's inventory is then considered as UNIL equipment.
==== 5.4 Removing equipment from the inventory====
- Any hardware removal from the inventory must be reported and justified to the FBM IT Service.
- Any request previously cleared by the FBM IT Service is then transmitted to UNIL’s IT Center, who gives the final approval. In principle, the following conditions apply:
- equipment must be older than five years;
- it must be free of any maintenance contract;
- it is sold or donated without warranty;
- the equipment that is sold or donated must be offered in priority to members of the university community, UNIL budgetary units or individuals and to non-profit association;
- if the device contains a hard drive, it must first run through a reset procedure in order to erase it completely before it can be given to its new owner.
- When removing hardware from the inventory, UNIL’s IT Center sends an authorization to the FBM IT Service, and a request for any eventual invoice to the Accounting Services. The amount will be credited on the concerned Budgetary Unit's account (hereafter BU). UNIL’s IT Center has authority to fix the selling price.
===== 6. Terms of use and benefits=====
==== 6.1 Private equipment ====
- Users connecting to the FBM’s resources with private equipment must comply with the following rules:
- ensure that the equipment is updated with the security patches and updates for their respective operating system;
- use an updated anti-virus program (unless otherwise specified by the FBM IT Service).
- The FBM IT Service does not perform any kind of support or other assistance on private equipment.
==== 6.2 UNIL equipment ====
- Users connecting to the FBM resources with UNIL equipment must comply with the following rules:
- ensure that the equipment is updated with the security patches and updates for their respective operating system;
- use an updated anti-virus program (unless otherwise specified by the FBM IT Service).
- The FBM IT Service defines the terms of support. This is usually limited to support for issues related to the use of FBM / UNIL resources or software installed, without guaranteeing response time or the resolution of the problem.
- The FBM IT Service may refuse support or request reinstallation of equipment if its configuration diverges too much from UNIL standards.
==== 6.3 FBM equipment====
- To join FBM equipment, the acquirement procedure and inventory management should be respected, exceptions being mentioned above in section 5.
- Any FBM equipment is provided in a standard configuration defined by the FBM IT Service. For security purposes, access restrictions (withdraw of administrative rights) are applied to the equipment.
- Without explicit permission of the FBM IT Service users do not have the right to:
- move equipment without informing the FBM IT Service (except laptops and other mobile devices);
- add or remove components (hardware or software);
- install any software that does not comply with the directive on software and equipment used at the FBM / within the Department / Service / Institute or for which the user does not have a proper license.
- The FBM IT Service provides full support for all FBM equipment. This includes:
- help for using FBM / UNIL software;
- installation and configuration of equipment for everything related to business use;
- repair and troubleshooting (hardware and software);
- loan service when available.
- Any exception (full or partial administrative rights, unusual software configuration etc.) requires prior approval, decided jointly between the head of the department /unit manager, the supervisor and the FBM IT Service representative of the concerned entity. Valid reasons for such authorization are for example:
- software that requires administrative rights to operate;
- non-standard equipment for which the FBM IT Service does not have management skills;
- computer scientist or a person with an equivalent profile in the requesting unit to which the FBM IT Service delegates complete or partial management of computers.
- In the event of an exception agreement, the FBM IT Service reserves the right to adjust the level of provided support.
==== 6.4 Software ====
- Software purchased or offered by the FBM IT Service reflects the realities of management optimization, compatibility and costs.
- It is forbidden to install the same software on multiple computers and to register only one license. Copying software is illegal.
- The FBM IT Service does not authorize or install any software that does not comply with current data protection regulations.
==== 6.5 Security ====
- The terms computer equipment access are defined by UNIL’s IT Center(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-1-infra-informatiquev2.pdf|Directive de la Direction 6.1 sur l'utilisation de l'infrastructure informatique Art. 10 Devoirs des membres du personnel de l’UNIL]])). Usernames and passwords are issued on a personal basis. They are strictly confidential and must not be disclosed to third parties. Are prohibited:
- the installation of software that unveils the passwords of other users;
- to use another user's credential;
- to make unauthorized intrusions on the FBM IT Service's servers;
- to neutralize and/or modify any security parameter that has been set.
- Users agree to strictly adhere to the instructions received from Ci regarding computer security in order to prevent any fraudulent use of their IT account(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-1-infra-informatiquev2.pdf|Directive de la Direction 6.1 sur l'utilisation de l'infrastructure informatique Art. 5 Principes généraux al.5]])).
- At all times, the user is responsible for the use of his personal account and the data it contains.
- To ensure the confidentiality of his data, the user sets a password in compliance with the latest safety practices and changes it at least once a year.
- Users must first give their consent before the FBM IT Service can access their computers remotely (intended for software distribution, screen sharing, software modifications, etc.). For a single intervention on a personal computer, the user’s request acts as an authorization. In the case of a larger scale intervention on several personal or shared computers (for software distribution for example), the FBM IT Service informs the users beforehand, within a reasonable time, specifying that a remote maintenance work will be carried out including the modalities (date and time of the intervention, equipment modifications).
- At the user's departure, unless otherwise agreed by the FBM IT Service, any access granted by the FBM is removed/deleted on the date of termination of the contract between the user and the University of Lausanne.
==== 6.6 Storage and confidentiality ====
- 1. The data resulting from the work of employees during their activities at UNIL are protected by copyright but remain the property of UNIL according to article 70 LUL(([[https://prestations.vd.ch/pub/blv-publication/actes/consolide/414.11?key=1583132681379&id=d058f36a-66d6-487b-820d-529dbdad74d8|Loi sur l’Université de Lausanne du 6 juillet 2004 (LUL) Chapitre III Propriété intellectuelle Art. 70 Propriété intellectuelle]])).
- 2. The FBM IT Service, in partnership with UNIL’s IT Center, provides institutional infrastructure dedicated to the storage of administrative and research data (UNIL NAS server) within existing budgetary constraints(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-1-infra-informatiquev2.pdf|Directive de la Direction 6.1 sur l'utilisation de l'infrastructure informatique Art. 5 Principes généraux]])).
- Only professional data, including research data, can be stored on the UNIL institutional infrastructure. Duplication should be avoided and the directories must regularly be purged (by the user) from data that is no longer relevant or has become useless in the professional context(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-1-infra-informatiquev2.pdf|Directive de la Direction 6.1 sur l'utilisation de l'infrastructure informatique Art. 11 Utilisation à des fins privées al. 2]])).
- On the institutional storage infrastructures, two different folder trees are used to organize administrative, work or research data according to their nature(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/4-rech/dir4-5-donnees-rech.pdf|Directive de la Direction 4.5 Traitement et gestion des données de recherche Art. 3 Champs d’application matériel al. 3]])): on the central storage space (nas.unil.ch\FBM), administrative data is classified according to the area of competences of the working group. On the research storage space (nasdcsr.unil.ch\FAC\FBM), research data is classified by project in the Principal Investigator's directory(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/4-rech/dir4-5-donnees-rech.pdf|Directive de la Direction 4.5 Traitement et gestion des données de recherche Art. 11 Organisation des données de recherche par Projet]])).
- The user is solely responsible for the data he produces and stores on the institutional infrastructure. More specifically, he is competent to assess the relevance of his data and must ensure that the file names match their nature.
- The FBM IT Service grants access to administrative data on the central storage space (nas.unil.ch\FBM) in accordance with the department head or delegate.
- On the request of the Principal Investigator, the Scientific Computing and Research Support Unit of the UNIL’s IT Center opens project directories on the research storage space (nasdcsr.unil.ch\FAC\FBM)(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/4-rech/dir4-5-donnees-rech.pdf|Directive de la Direction 4.5 Traitement et gestion des données de recherche Art. 8 Stockage des données de recherche al. 3]])) and delegates the management of access and authorizations to the requester(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/4-rech/dir4-5-donnees-rech.pdf|Directive de la Direction 4.5 Art. 4 Organisation en groupe de recherche et désignation d’un Principal Investigator al. 2]])).
- UNIL’s IT Center defines the modalities of data protection and data backup as well as the pricing of services for data management(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/4-rech/dir4-5-donnees-rech.pdf|Directive de la Direction 4.5 Traitement et gestion des données de recherche Art. 9 Facturation pour le stockage des données de recherche]])) on institutional storage infrastructures.
- Regarding the institutional storage infrastructure which belongs to UNIL’s IT Center, the FBM IT Service disclaims any liability for the availability, security and integrity of data, interruption of service or any other unforeseen incident beyond the safeguards and protection established by UNIL’s IT Center.
- If circumstances so require, the user accepts that the employees of the FBM IT Service and the UNIL IT Centre may access any unencrypted data stored on the institutional storage infrastructure. The list of access rights may be requested to the FBM IT Service.
- For any information stored outside the institutional storage space (UNIL NAS server) or oustide a central server provided and managed by the FBM IT Service, no warranty is given in regard to the availability, security, integrity and backup of the stored data.
- In cases where the intervention of the FBM IT Service requires the backup of the data or other information, the FBM IT Service is committed to:
- respect the privacy and confidentiality of data;
- destroy any stored data after a period of three months.
- At the departure of a user, the latter:
- ensures to sort all of his data stored locally on the FBM or UNIL equipment he used for his work by transferring all remaining administrative or research data to an appropriate shared directory of trees available to him on the institutional storage infrastructures;
- agrees that all unsorted data left in any nominal folder on the institutional storage infrastructures will be deleted within 30 days of departure;
- agrees that any data left locally on the FBM or UNIL equipment can be removed 30 days after his departure.
==== 6.7 Conditions of use ====
- The equipment provided by the FBM IT Service is dedicated to professional or academic use.
- We remind you that the possession, display or dissemination of any computer data owned by third parties is protected by the LDA (Loi fédérale sur le droit d’auteur).
- Limited personal use is allowed provided it meets the following conditions:
- it does not alter the physical and logical configuration of the equipment;
- it does not result in direct costs for the FBM;
- it does not interfere with the user's work and his colleagues;
- it does not affect the interests and the image of the FBM;
- it does not significantly overload the available equipment or infrastructure and/or interferes with other users connected to FBM resources(([[https://www.unil.ch/files/live/sites/central/files/textes-leg/6-inf/dir6-1-infra-informatiquev2.pdf|Directive de la Direction 6.1 sur l'utilisation de l'infrastructure informatique Art. 11 Utilisations à des fins privées al. 1 lettre a)]])). For this purpose, the storage space used is monitored.
===== 7. Consequences of non-compliante use with the Charter =====
- Non-compliance with the charter and UNIL's active regulations, will trigger administrative measures taken by the Head of the Department / Service / Institute against the user. These measures, proportional to the offense, are reserved under the provisions of reference texts mentioned in article 3. The FBM IT Service may more specifically without limitation:
- Report, through the proper channels, any usage that does not comply with this charter or the internal Directives enacted by UNIL's Rectorate;
- Suspend its support to the user who has not fulfilled the requirements of article 6.7, according to the internal Directive 6.9 of UNIL's Rectorate;
- Reinstall a standard configuration on the designated piece of IT equipment.
- If the misuse of computer equipment leads to fees being charged by third parties to the FBM, the latter reserves the right to require full reimbursement of these expenses from the perpetrator.
===== 8. Final dispositions =====
- In case of differences of interpretation between the clauses of the Charter and the above-mentioned UNIL directives, only the latter prevail. The provisions in force shall be applied in accordance with the principle of the hierarchy of standards.
- Any update of this charter requires the approval of the Head of Department or manager, the Dean's Office and the Head of FBM IT Service and will be officially notified to the community of users.
Entered into force on October 21, 2019.
2.3
2023-04-12
~~NOTOC~~