RULES FOR THE MAINTENANCE OF INFORMATION SYSTEMS

1. INTRODUCTION

1.1 Definitions
In these rules, maintenance and administration refer to

 keeping information systems functional and secure

 making necessary alterations to or corrections in the information systems
 documenting the use of and alterations made to the information systems
 administering user IDs, user accounts and access rights for information systems, and
 monitoring the operation and use of information systems and compiling statistics on them.
In these rules, an information system or a system refers to

 a single data processing device or facility, or a system composed of such devices that are owned by
the University or are connected to the University network
 the University computer network
 software and services running in the University computer network, and
 the information content of all the above-mentioned systems.
A University unit refers to a faculty, department, division or other functional unit of the University.

The responsible owner of a specific information system within the University refers to the unit for
which the information system has been acquired, and which designates the persons entitled to use the
information system. The owner of information materials may also be the author of the materials, as
defined in the Copyright Act.

The manager of an University information system is responsible for the management of said
information system unless the management responsibilities have been transferred to another unit
within the University or outsourced by contract. Usually, the manager of an information system is not
the system administrator.

System administration refers to persons responsible for the technical management of the
University’s information systems and to other University IT support personnel, who collaborate to
maintain the systems and provide user support and guidance. In a broad sense, the term ‘administrator’
refers to all persons having administrative rights in the system.
1.2 System administrators’ privileges
To ensure the functionality of information systems, an administrator has extensive rights to inspect
the status of the systems and, if necessary, to intervene in the function of the systems, in the actions
of individual users and in their data in the systems if there is reason to suspect that such data violate
current regulations or rules for the use of information systems (e.g. illegal copies of music or films).

To eliminate and fend off breaches of information security, an administrator has the right and
obligation to take necessary steps to ensure information security. Cases of information security
incidents shall be dealt with in accordance with the University of Helsinki Information Security
Policy and the instructions for responding to information security incidents.

To avoid a conflict between an administrator's privileges and the legal protection of the users of the
system, the application of an administrator's privileges is controlled by guidelines and rules based on
current regulations. The University’s IT Center is responsible for the University’s information
security policy, which, along with other valid regulations and instructions for the use of the
University’s information systems, will be posted on the University’s web site. Departments and units
may issue detailed system-specific rules and instructions.

These rules are binding for all system administrators at the University, including students, should they
be the administrator of an information system or part of such a system that is connected to the
University information network.

2. Responsibilities
A unit must document the information systems or system entities in its possession, prioritise them
when necessary, and assign and document the managers and administrators. The owner of the
information system is responsible for the existence, validity and availability of information system
documentation.

The owner of the information system and, ultimately, the head of unit are responsible for ensuring
that the system adheres to current legislation, good administrative practices and current guidelines
and regulations issued by the University. The owner is always ultimately responsible for the
maintenance of the system. The information systems manager is responsible for the technical
maintenance of the systems in accordance with good administrative practices. Every system must
have designated administrators. Administrative duties shall be distributed, if possible, to several
individuals with different access rights. The actions and procedures taken by administrators shall also
be logged.

The owner or manager of an information system is not responsible for the contents of an individual
user’s data. Users are personally responsible for the legality of their data and are required to protect
them in accordance with the guidelines issued by the University. The manager of an information
system has, however, the right and obligation to intervene with a user’s data if there is reasonable
cause to suspect that it contains information security hazards or illegalities.

If an administrator is suspected or has been found to have misused his or her privileges, the head of
the relevant unit or a contact person designated by the head shall be contacted. The head or the contact
person shall inform the Campus Information Security Officer. Further measures, if any, shall be taken
in accordance with the University of Helsinki Information Security Policy.

3. Policy of operation

3.1 Good maintenance practices

Information systems shall be maintained in accordance with good maintenance practices. Good
maintenance practices mean well planned, responsible and professional administration which
complies with good information management practices as provided by the Act and Decree on the
Openness of Government Activities[1].

3.2 Protection of privacy

The administration of the University's information systems takes into account the right to privacy and
the confidentiality of communication between users and their communication partners. While
adhering to these basic rights, however, the University reserves the right to control the information
content and purpose of use of the information systems in its possession. This also applies to the
telecommunications network owned by the University. The purpose of use is defined in greater detail
in the Rules for the use of University of Helsinki information systems or in system-specific rules.

When users request an administrator to handle their email or other files, the administrator must check
the person's identity in an appropriate manner, for example, by verifying their identity against an
official certificate of identification.

An administrator may contact a user either by calling a telephone number found in the University’s
information systems or by sending him or her an email. If, however, there is suspicion that the user
ID has fallen into the wrong hands, email should not be used.

3.3 Confidentiality
Administrators are bound by confidentiality and a ban on the exploitation of information not related
to work and of the existence of such information that they may learn while performing their
professional duties. Non-public work-related matters may be discussed only between individuals or
authorities that are bound by the same confidentiality and to whose professional duties the matter is
relevant.

Administrators in particular are bound by Section 40, Sub-Section 5 of the Penal Code, according to
which public officials must not deliberately, while in office or thereafter, unlawfully disclose a
document or information which under law is to be kept secret or not to be disclosed.

Administrators shall sign a confidentiality agreement.

4. Practicalities

4.1 Identities, passwords

Administrators do not need to know users’ passwords to carry out their duties, and they must not
inquire about users’ passwords.

If the rectification of a problem requires the administrator to temporarily assume a user's identity, the
user must either be present to provide his or her password to the authentication service, or the
administrator must assume the user’s identity through administrators’ privileges. The user must be
informed of the latter beforehand or as soon as possible. The administrator must not retain the user’s
identity any longer than is necessary for rectifying the problem.

In situations described above, the administrator must verify the identity of the user in an appropriate
manner.

Administrators shall resort to main user privileges only when their maintenance duties so require. In
all other cases, they shall use their own personal user IDs.

4.2 Restrictions on user accounts during investigations

If there is reason to suspect that the University's information security has been compromised or that a
user is guilty of breaching the Rules for the use of University of Helsinki information systems or of
other misuse, an administrator has the right to restrict the user's access rights to the information
systems for the duration of an investigation.

The investigation shall be carried out and consequent further measures shall be taken in accordance
with the University of Helsinki Information Security Policy.
 4.3 Processing of emails
According to the Constitution of Finland, the secrecy of correspondence, telephony and other
confidential communications is inviolable, unless otherwise provided by law. An email message is
analogous to a letter in that it is confidential unless it has been intended for public distribution.

The principles for processing email are laid out in the Rules for processing email. The present Rules
for the maintenance of University of Helsinki information systems provide rules for special
circumstances in which an administrator must intervene with email communications to ensure the
service level or security of the system.

An administrator has no right to view a user’s email. An administrator may be required to open files
containing a user's email in the following situations:

 A user requests this from the administrator. For example, the request can be made in a situation where
the user's mailbox cannot be opened with the software at the user's disposal. The authorisation to open
files containing a user's email concerns only that one instance. If the user asks for information about
the contents of the mailbox, the administrator must, without exception, verify his or her identity (see
Section 3.2).
 A user's mailbox causes a disturbance because of, for example, its large size or damaged structure.
o A mailbox that disturbs the flow of e-mail due to its large size must be transferred to another location
without opening it. The user must be notified of the new location of the mailbox if the mail system
cannot automatically find it. If the mailbox cannot be placed in a location accessible to the user
because of its large size, a method for transferring the messages to the user must be agreed upon with
the user. A transferred mailbox may be compressed to a less space-consuming format, provided that
the user receives detailed instructions for accessing the emails. A large mailbox may also be deleted
in exceptional circumstances if no other reasonable action can be taken. The decision to delete a
mailbox will be made by the head of the unit administering the system.
o An administrator is allowed to repair a structurally damaged mailbox without asking the user's
permission. However, the administrator is not allowed to read any textual contents addressed to the
recipient.
o The user shall be immediately notified of any non-standard procedures performed on his or her
mailbox.
 The email system cannot deliver a message due to its insufficient or damaged structure. In such a
situation, the administrator is authorised to examine and repair the technical guidance data of the
message. However, the administrator must not, as far as possible, read the textual contents addressed
to the recipient of the message.
 An administrator also has the right to purge mail that is being delivered of any messages that
jeopardise the proper functioning of the email system, as well as of messages generated by a technical
error that are thus obviously unnecessary.

4.4 Processing of other data

As a rule, administrators have no right to read or otherwise process the contents of files owned by
users.

However, an administrator has the right to open files owned by users under the following
circumstances:

 A user has authorised the administrator to do so in order to solve a problem.

 A special written request has been made, for example, in a situation where the proper functioning of
the University is jeopardised because of an absence. The files owned by the absent employee or
student and protected from other users may have to be processed. The head of the relevant unit may
order the administrator to grant a designated person access to the relevant files.
 A user ID holds, owns, or is in charge of programs or initialisation files that disturb the proper
functioning of the system or compromise the safety or information security of other users. In such
cases, an administrator may examine the contents of the files and, if necessary, stop their operation.
 There is reason to suspect that a user ID has fallen into the wrong hands and that the user ID possesses
files or programs that can jeopardise or threaten the University’s safety and capacity to function.
o If an administrator suspects that a user ID has fallen into the wrong hands, he or she has the right to
cancel temporarily the user ID. Other subsequent action will be taken in accordance with the
instructions for responding to information security incidents. As a rule, efforts will be made to contact
the user before any action is taken, but protection and rectification measures may have to be initiated
before contact can be made.
 There is reason to suspect that the owner of a user ID is guilty of misuse and it can be assumed that
certain files owned by the user contain evidence of this misuse.
o An administrator has the right to cancel temporarily a user ID in case of misuse. Misuses are handled
in accordance with the University of Helsinki Information Security Policy, the Rules for the use of
University of Helsinki information systems and the instructions for responding to information security
incidents.
 Administrators have the right to stop the display of such web pages that are against law or the Rules
for the use of University of Helsinki information systems.
 The protection status of the files allows such action anyway, unless this is a clear error on the part of
the user, who has unintentionally set free access rights to all his or her files. In such a case, it is the
administrator’s responsibility to inform the user that the protection of his or her files is inadequate.
 In addition to the above, administrators always have the right to:

 Access and modify initialisation files, email forwarding or sorting files as well as other files in the
users’ home directories that affect the functioning of the system if such files are found to threaten the
functionality or security of the system or the information security of users. If modifications cannot be
performed without erasing the modifications made by the users themselves, the old version made by
the user must be transferred to another file name and the user must be notified of this.
 Verify that common disk areas do not contain files that are illegal or threaten the functionality or
security of the system or the information security of users. Such files include, for example, malware,
recordings that violate copyrights and illegal data as defined by the Penal Code.
 Manually or automatically delete files from disk areas that have been assigned for temporary storage.
This deletion must take place in accordance with previously-agreed principles, which are also
available to users. However, the users need not be informed of these deletions.
 Delete documents from print queues if they hamper the operations of the print services. Users need
not be informed of these deletions.

4.5 Monitoring of directories and file lists

Under normal circumstances, administrators cannot fully avoid processing and seeing file lists of
directories owned by users. Processing directory structures, file names, modification dates, and size
and protection levels along with other information pertaining to files is part of normal maintenance
and administration, which are carried out in accordance with good administration practices.

If an administrator finds that the protection of a file or a directory is insufficient in relation to its
nature, he or she has the right to upgrade the protection to the necessary level.

In carrying out maintenance and administrative duties, administrators shall take care to not display
file names and equivalent information unnecessarily. For example, when file listings are needed to
solve a problem, if possible, those file names that do not pertain to the matter at hand will be deleted
from the list.

4.6 Monitoring of programs and processes

The manager of the information system and the system administrator together define which software
shall be available in the system. Programs can be prohibited or withdrawn from use if their use is not
necessary for the operation of the University or if they jeopardise the high level of services and
security. This decision will be made by the head of the unit administering the system.

Administrators routinely monitor the programs running in the information system.

 Administrators may adjust the priority of a process, if this process consumes excessive system
resources.

An administrator may terminate a process if

 The function of the process is clearly disturbed,

 The process hinders the proper functioning of the rest of the system,
 The process is connected to software which violates the instructions and rules issued by the system
administrator. In such cases, the user shall be notified of the termination of the process and of the
relevant regulations,
 The user ID of the process owner has expired.

4.7 Monitoring of the data communications network

Administrators of the University data communications network monitor the traffic of the University
network and its external connections using monitoring software and by reviewing log data to be able
to ensure a reasonable level of services and security as well as the cost-effective use of external
connections.

The monitoring of network traffic does not involve the contents of the information transferred, but
rather the amount and nature of the traffic. The monitoring of source and target computers is statistical
in nature and does not focus on an individual user, except in cases of disturbances. However, the
traffic of an individual system can be monitored in greater detail if anomalies, such as excessive traffic
load, are being investigated.

In order to investigate a possible incident of disturbance or misuse, a network administrator may

contact the person responsible for the computer that is the source of excessive traffic or other
anomalies.

An administrator of the data communications network may deny a computer or a part of the network
access to data communications or the use of a certain service if this computer or part of the network:

 Causes traffic that jeopardises the high level of service or security of the network,
 Gives cause to suspect that a computer or computers have fallen into the wrong hands or are infected
by malware.
 Breaches the Rules for the use of University of Helsinki information systems
 Is not properly maintained and administrated, especially in view of information security.
In all of the above cases, the administrator responsible for the computer or part of the network shall
be contacted without delay once access to data communications has been denied.

4.8 Processing of log files

The University's information systems create log files to document the functioning of the system, to
investigate possible disturbances or misuse and to collect statistical and invoicing data. The University
normally uses the logged information only for technical maintenance, invoicing and statistics. The
log files may form a register that falls under the scope of the Personal Data Act or contain
identification data which fall under the scope of the Act on the Protection of Privacy in Electronic
Communications.

4.9 Storage of data

The provider of information system services shall, as a part of maintenance and system administration,
ensure that backup copies are made of the systems. Depending on the purpose of the system, backups
are made with sufficient frequency in case of, for example, disk failures.

Backup copies shall be stored in an appropriate manner, and the administrator shall ensure that they
are accessible. The processing of data on backups shall comply with the same principles as the
processing of equivalent data in information systems. The deletion of backups shall take place in such
a manner that the confidentiality of the data in them will not be compromised.

5. Monitoring the observance of these rules

Monitoring the observance of these rules is the responsibility of the owner of the IT Center and of
other information systems in the University units. Breach of these rules shall be handled in accordance
with the University of Helsinki Information Security Policy. The IT Center shall update these rules
and the IT Security Manager shall monitor the need for updates. A valid version of the Rules for the
maintenance of University of Helsinki information systems shall be posted on the IT Center’s web
pages.