This charter applies to all authorized users (teachers, staff, students) and all temporary users (trainees, apprentices) of the computer systems and telecommunication network belonging to the units who have signed the Membership and the support agreement of the FBM IT Platform.

The following partners are responsible for the application of this Charter:

• The Dean’s Office and the FBM IT service,
• Head of the Department / Service / Institute.

The use of IT resources within the University of Lausanne is regulated by the following Internal Directives enacted by the Rectorate:

• Directive 0.6 Transmission d'informations en relation avec la protection de la personnalité
• Directive 4.5 Traitement et gestion des données de recherche
• Directive 6.1 Conditions d'accès à l'intranet administratif
• Directive 6.2 Utilisation d’Internet, de la messagerie électronique, de la téléphonie et du poste de travail
• Directive 6.3 Sécurité des équipements informatiques
• Directive 6.6 Procédures pour les achats d’équipements informatiques à l’UNIL et Annexe à la Directive 6.6 Utilisation professionnelle d'ordinateurs privés
• Directive 6.7 Charte d'utilisation des services informatiques centraux
• Directive 6.8 Utilisation des listes électroniques de distribution
• Directive 6.9 Fichiers informatiques et la protection des données personnelles

In addition to these documents, the following cantonal and federal laws also apply:

• Loi sur l'Université de Lausanne du 06.07.2004 (LUL) et son Règlement d’application (RLUL)
• Loi sur le personnel de l’État de Vaud du 12.11.2001 (LPers, RSV 172.31)
• Art. 125 du règlement d’application de la loi du 12 novembre 2001 sur le personnel de l’Etat de Vaud (RLPers-VD) du 09.12.2002 (RSV 172.31.1)
• Loi cantonale vaudoise sur l'archivage du 14.06.2011 (LArch)
• Loi cantonale vaudoise sur la protection des données personnelles du 11.09.2007 (LPrD) et son Règlement d’application (RLPrD)
• Loi fédérale sur la protection des données personnelles du 19.06.1992 (LPD)
• Loi fédérale sur le droit d’auteur et les droits voisins du 09.10.1992 (Loi sur le droit d’auteur, LDA)
• Norme ISO/IEC 27002:2013 Code de bonne pratique pour le management de la sécurité de l’information

1. Three categories of computer equipment are considered¹⁾ and defined as follows:
   1. Private equipment: designates any computer equipment not inventoried at UNIL which connects to the resources of the FBM. For example: the laptop of an employee or affiliate whose stays at the FBM for less than six months, a private mobile phone, etc.;
   2. UNIL equipment: designates any computer equipment inventoried at UNIL that has not been purchased through the FBM IT Service. For example: equipment moved from another institution, private laptops set to inventory, any computers linked to scientific equipment which are not managed by the FBM IT Service, etc. The owner is solely responsible for the proper functioning of this kind of equipment and the FBM IT Service only offers “best effort” support for these computers;
   3. FBM equipment: any computer equipment purchased through the FBM IT Service (desktops, laptops, computers linked to scientific equipment which are managed by the FBM IT Service, etc.) by a member or an entity of the FBM (professor, staff, student). In order to facilitate the management of the IT stock, equipment is standardized. For security purposes, access restrictions (withdraw of administrative rights) are applied and the FBM IT Service offers full support on these computers.
2. For any change of rights the permission of the FBM IT Service is required. For any addition or removal of FBM equipment, the agreement of the head of department/entity manager is mandatory.

1. Any member of the FBM, regardless of his affiliation or status, willing to acquire new hardware or software, regardless of the funding source, must first consult a member of the FBM IT Service in order to define the technical specifications, the needs within UNIL’s standards, the type of software or device required (desktop, laptop, linked to scientific equipment, server, printer, etc.)²⁾.
2. The FBM IT Service is responsible for pre-approving the order, preparing the necessary order forms and forwarding the complete request to the concerned fund manager.

1. In order to manage IT stock at best, every FBM and UNIL equipment (desktop, laptop, computer linked to a scientific setup) is inventoried.
2. The assigned UNIL inventory number must be visible on the equipment³⁾.

1. Hardware ordered through the FBM IT Service is automatically added to UNIL’s inventory.
2. Any faculty member working for the FBM for 6 months or more, may request to register his private equipment in UNIL’s inventory⁴⁾.
3. The following criteria apply to the inventory:
   1. age of the equipment (less than 5 years);
   2. number of devices registered by the applicant (maximum 1 equipment per person);
   3. justification for professional use and general need (no access to a workstation, etc.).
4. Each application must be signed by the head of the department/entity manager before it can be considered by the FBM IT Service.
5. The FBM IT Service notifies the requests and forwards them for approval to UNIL's IT Center.
6. Any private equipment added to UNIL's inventory is then considered as UNIL equipment.

1. Any hardware removal from the inventory must be reported and justified to the FBM IT Service⁵⁾.
2. Any request previously cleared by the FBM IT Service is then transmitted to UNIL’s IT Center, who gives the final approval. In principle, the following conditions apply:
   1. equipment must be older than five years;
   2. it must be free of any maintenance contract;
   3. it is sold or donated without warranty;
   4. the equipment that is sold or donated must be offered in priority to members of the university community, UNIL budgetary units or individuals and to non-profit association;
   5. if the device contains a hard drive, it must first run through a reset procedure in order to erase it completely before it can be given to its new owner.
3. When removing hardware from the inventory, UNIL’s IT Center sends an authorization to the FBM IT Service, and a request for any eventual invoice to the Accounting Services. The amount will be credited on the concerned Budgetary Unit's account (hereafter BU). UNIL’s IT Center has authority to fix the selling price.

1. Users connecting to the FBM’s resources with private equipment must comply with the following rules:
   1. ensure that the equipment is updated with the security patches and updates for their respective operating system;
   2. use an updated anti-virus program (unless otherwise specified by the FBM IT Service).
2. The FBM IT Service does not perform any kind of support or other assistance on private equipment.

1. Users connecting to the FBM resources with UNIL equipment must comply with the following rules:
   1. ensure that the equipment is updated with the security patches and updates for their respective operating system;
   2. use an updated anti-virus program (unless otherwise specified by the FBM IT Service).
2. The FBM IT Service defines the terms of support. This is usually limited to support for issues related to the use of FBM / UNIL resources or software installed, without guaranteeing response time or the resolution of the problem.
3. The FBM IT Service may refuse support or request reinstallation of equipment if its configuration diverges too much from UNIL standards.

1. To join FBM equipment, the acquirement procedure and inventory management should be respected, exceptions being mentioned above in section 5.
2. Any FBM equipment is provided in a standard configuration defined by the FBM IT Service. For security purposes, access restrictions (withdraw of administrative rights) are applied to the equipment.
3. Without explicit permission of the FBM IT Service users do not have the right to:
   1. move equipment without informing the FBM IT Service (except laptops and other mobile devices);
   2. add or remove components (hardware or software);
   3. install any software that does not comply with the directive on software and equipment used at the FBM / within the Department / Service / Institute or for which the user does not have a proper license.
4. The FBM IT Service provides full support for all FBM equipment. This includes:
   1. help for using FBM / UNIL software;
   2. installation and configuration of equipment for everything related to business use;
   3. repair and troubleshooting (hardware and software);
   4. loan service when available.
5. Any exception (full or partial administrative rights, unusual software configuration etc.) requires prior approval, decided jointly between the head of the department /unit manager, the supervisor and the FBM IT Service representative of the concerned entity. Valid reasons for such authorization are for example:
   1. software that requires administrative rights to operate;
   2. non-standard equipment for which the FBM IT Service does not have management skills;
   3. computer scientist or a person with an equivalent profile in the requesting unit to which the FBM IT Service delegates complete or partial management of computers.
6. In the event of an exception agreement, the FBM IT Service reserves the right to adjust the level of provided support.

1. Software purchased or offered by the FBM IT Service reflects the realities of management optimization, compatibility and costs.
2. It is forbidden to install the same software on multiple computers and to register only one license. Copying software is illegal.

1. The terms computer equipment access are defined by UNIL’s IT Center⁶⁾. Usernames and passwords are issued on a personal basis. They are strictly confidential and must not be disclosed to third parties. Are prohibited:
   1. the installation of software that unveils the passwords of other users;
   2. to use another user's credential;
   3. to make unauthorized intrusions on the FBM IT Service's servers;
   4. to neutralize and/or modify any security parameter that has been set.
2. Users shall take all measures to prevent any unauthorized use of their account according to the Internal Directive 6.3 enacted by the Rectorate.
3. At all times, the user is responsible for the use of his personal account and the data it contains.
4. To ensure the confidentiality of his data, the user sets a password in compliance with the latest safety practices and changes it at least once a year.
5. Users must first give their consent before the FBM IT Service can access their computers remotely (intended for software distribution, screen sharing, software modifications, etc.). For a single intervention on a personal computer, the user’s request acts as an authorization. In the case of a larger scale intervention on several personal or shared computers (for software distribution for example), the FBM IT Service informs the users beforehand, within a reasonable time, specifying that a remote maintenance work will be carried out including the modalities (date and time of the intervention, equipment modifications).
6. At the user's departure, unless otherwise agreed by the FBM IT Service, any access granted by the FBM is immediately removed/deleted.

1. 1. The data resulting from the work of employees during their activities at UNIL are protected by copyright but remain the property of UNIL according to article 70 LUL⁷⁾.
2. 2. The FBM IT Service, in partnership with UNIL’s IT Center, provides a central storage space (UNIL NAS server) for data within existing budgetary constraints⁸⁾.
   1. Each user receives an individual directory, with a limited space, which is exclusively intended to store his professional data and is accessible only by himself. All users also have access to a shared directory, for collaborative work, including research data, which is only accessible by the members of the group/work unit they belong to.
   2. Only professional data, including research data, can be stored in the server directories or on other central resources. Duplication should be avoided and the directories must regularly be purged by the user from data that is no longer relevant or has become useless in the professional context⁹⁾.
   3. The user is solely responsible for the data he produces and stores on the central infrastructure. More specifically, he is competent to assess the relevance of his data and must ensure that the file names match their nature¹⁰⁾.
   4. UNIL’s IT Center defines the modalities of data protection and data backup.
   5. The FBM IT Service grants access to data in accordance with the department head or delegate.
   6. Regarding the central storage infrastructure which belongs to UNIL’s IT Center, the FBM IT Service disclaims any liability for the availability, security, integrity and completeness of data, interruption of service or any other unforeseen incident beyond the safeguards and protection established by UNIL’s IT Center.
   7. The user agrees that under specific circumstances, any non-encrypted data stored on the central storage space can be read by some employees of the FBM IT Service and/or UNIL’s IT Center. The list of access rights may be requested to the FBM IT Service.
3. For any information stored outside the central storage space (UNIL NAS server) or oustide a central server provided and managed by the FBM IT Service, no warranty is given in regard to the availability, security, integrity and backup of the stored data.
4. In cases where the intervention of the FBM IT Service requires the backup of the data or other information, the FBM IT Service is committed to:
   1. respect the privacy and confidentiality of data;
   2. destroy any stored data after a period of three months.
5. At the departure of a user, the latter:
   1. ensures to sort all of his data stored locally on the FBM or UNIL equipment he used for his work and also any data contained in his individual directory on the central storage space, by transferring all remaining professional/research data to a shared directory on the central storage space;
   2. agrees that any data left in his personal folder on the central storage space will be deleted 30 days after his departure;
   3. agrees that any data left locally on the FBM or UNIL equipment can be removed 30 days after his departure.

1. The equipment provided by the FBM IT Service is dedicated to professional or academic use.
2. We remind you that the possession, display or dissemination of any computer data owned by third parties is protected by the LDA (Loi fédérale sur le droit d’auteur).
3. Limited personal use is allowed provided it meets the following conditions:
   1. it does not alter the physical and logical configuration of the equipment;
   2. it does not result in direct costs for the FBM;
   3. it does not interfere with the user's work and his colleagues;
   4. it does not affect the interests and the image of the FBM;
   5. it does not significantly overload the available equipment or infrastructure and/or interferes with other users connected to FBM resources¹¹⁾. For this purpose, the storage space used is monitored.

1. Non-compliance with the charter and UNIL's active regulations, will trigger administrative measures taken by the Head of the Department / Service / Institute against the user. These measures, proportional to the offense, are reserved under the provisions of reference texts mentioned in article 3. The FBM IT Service may more specifically:
   1. Report, through the proper channels, any usage that does not comply with this charter or the internal Directives enacted by UNIL's Rectorate;
   2. Suspend its support to the user who has not fulfilled the requirements of article 6.7, according to the internal Directive 6.9 of UNIL's Rectorate;
   3. Reinstall a standard configuration on the designated piece of IT equipment.
2. If the misuse of computer equipment leads to fees being charged by third parties to the FBM, the latter reserves the right to require full reimbursement of these expenses from the perpetrator.

1. In case of differences of interpretation between the clauses of the Charter and the above-mentioned UNIL directives, only the latter prevail. Alternatively, the rules and regulations referred to in article 3 will apply.
2. Any update of this charter requires the approval of the Head of Department or manager, the Dean's Office and the Head of FBM IT Service and will be officially notified to the community of users.

Entered into force on January 1, 2018.

1.0 2018-01-01