IT Service Maintenance Policy
This document describes the responsibilities related to the management of services.
The rules bind and oblige all technical maintenance personnel (hereinafter referred to as ‘administrator’) of the Tampere higher education community (hereinafter referred to as ‘Tampere University community’), which consists of the University of Tampere and Tampere University of Applied Sciences, as well as the students as applicable.
Information management practice refers to the management of the data sets used in the operation of the Tampere University community as well as their processing phases and the information included in the data sets throughout their life cycles, regardless of the methods of storing and otherwise handling the data sets.
Service refers to a whole consisting of technology, people and processes and produced by the service provider or producer. In some cases, the terms information system or simply system can also be used to refer to an IT service, for instance, when referring to the technical implementation.
Administrator refers to all people responsible for the technical maintenance of the Tampere University community’s services, as well as other people responsible for activities related to system management as well as user support and guidance. Broadly speaking, administrator refers to every person with extensive rights to a system, regardless of the purpose of said system. Students are also considered to be administrators if they manage an information system or service of the Tampere University community.
A unit of the Tampere University community refers to a faculty or other specific area of responsibility of the Tampere University community.
A service owner of the Tampere University community is the Tampere University community unit, the activities and information processing of which the service has been acquired for and which determines the people authorised to use the service.
An administrator has sufficient rights to study the status of systems and services in order to ensure the functioning of an IT service, as well as intervene in the operation of a service or system, the use of systems by an individual user, as well as the user’s data in the systems, if necessary.
In order to prevent breaches of information security and other information security incidents, administrators have the right to take immediate action to safeguard information security.
A unit must document the information systems and service packages it owns, specify how critical they are and appoint administrators to them. The owner is responsible for the existence and availability of any information system descriptions and privacy policies.
The service owner, and finally the unit supervisor, are responsible for ensuring that the service complies with the law, good information management practice, as well as the valid rules and policies of the Tampere University community. Good information management practice requires that the service management include various roles, such as main user (person responsible for the service), technical administrator, etc. depending on the service and provider in question. As far as possible, service management is divided between several people with different authorisations. The necessary log data is also collected on management measures.
The service owner or administrator is not responsible for the content of the users’ personal material; instead, the users themselves are responsible for ensuring that their materials are legal and for protecting them, if necessary, in accordance with the instructions provided by the Tampere University community. However, the service administrator has the statutory right and duty to handle the user’s materials, if there is a justified reason to suspect that they contain threats to information security or illegalities (see the Policy on Consequences of Breaches of IT Security).
If an administrator is suspected or found to have misused their special rights, the unit supervisor is contacted; together with the information security manager, they make the decision on protective and further measures in accordance with the Policy on Consequences of Breaches of IT Security. Administrator’s rights are always an aggravating circumstance when assessing a violation.
If, for some reason, an administrator has access rights to services or systems to which they should not have rights, they do not have the right to use the access right for purposes such as browsing information if it is not connected with their duties or for solving problems. In these cases, administrators are obliged to notify the service owner about the unnecessary rights.
The management tasks and responsibilities between the service provider and the customer must always be defined in the service. They must be taken into account in connection with outsourced providers in particular.
3 Operating principles
The management of the Tampere University community’s services takes account of the users’ and their communication partners’ right to privacy and the confidentiality of communications. However, taking these basic rights into account, the Tampere University community has the right to determine the data content and purpose of use of the services it owns. This also applies to the traffic in the communications network owned by the Tampere University community.
When a user asks an administrator to handle their email or other files, the administrator must verify the identity of the user in an appropriate manner, such as checking a valid identity card, if the administrator does not know the user.
If necessary, the administrator must contact the user. If there is reason to doubt that a username has fallen into the wrong hands, the Tampere University community’s email must not be used.
Administrators are under the obligation of secrecy and prohibition of use concerning information that is not related to their duties that they have discovered while carrying out their duties, as well as the existence of such information.
Non-public issues related to the duties may only be discussed with persons or authorities who are bound by the same obligation of secrecy and to whose duties the issue being discussed is related.
Administrators are bound by chapter 40, section 5 of the Criminal Code of Finland in particular. According to this piece of legislation, an administrator may not unlawfully disclose or make use of confidential information or other information that may not be disclosed in accordance with the law that they have discovered during or after their employment as a result of their duties or position. Such information includes users’ private information.
The administrators’ obligation of secrecy must be ensured by a separate non-disclosure agreement or similar, such as a non-disclosure clause included in the employment agreement.
4 Operating practices
Administrators do not need a user’s password to carry out their duties, and they must not ask users for their password in any situation.
The user must be present in person to give the password to the authentication service, or the administrator must take over the user’s identity with the administrator’s special rights, if solving the problem requires it momentarily. The identity must not be used for longer than necessary to solve the problem. The user must be notified as soon as possible of their identity being taken over with the administrator’s special rights, and a log entry or other traceable information must remain of the process. When the user is present, the administrator must verify the user’s identity in an appropriate manner.
In situations in which the user has personally authorised the administrator to make changes and the user’s identity has been verified, changes can be made to things like email settings, such as redirecting, filtering or setting an automatic reply. However, there must be a documented request for the authorisation.
The rights of a main user are only used when needed for management tasks.
Restriction of access rights during an investigation is defined in the Policy on Consequences of Breaches of IT Security.
Email handling has been specified in the Email Policy.
Administrators do not have a general right to read or otherwise handle the contents of files owned by users.
However, administrators have the right to handle files in cases such as the following:
- When a user gives written permission to solve a problem.
- Upon specific written request (for example, if the management of the Tampere University community’s duties is in danger of being hindered due to an absence, the files owned by the absent employee/student and protected from others may need to be handled. The unit supervisor or a similar party may order an administrator to give a named person the right to access the necessary files).
- Software or configuration files under the username cause disturbances to the functioning or safety of the system or the data protection of other users. In that case, the administrator can check the content of the software files and prevent them from operating, if necessary.
- There is reason to suspect that a username has fallen into the wrong hands. The administrator is obliged to block the username during an investigation. Otherwise the Policy on Consequences of Breaches of IT Security is followed. The aim is to contact the user before taking measures, but it may also be necessary to carry out protective and corrective measures immediately before making contact.
- There is justified reason to suspect that the possessor of the username is guilty of misuse, and it can be assumed that certain files owned by the user contain proof of the misuse.
The administrator has the right to block the username during investigation in case of misuse.
In addition to the above, administrators always have the right to:
- read and change the configuration, email redirect or sorting files as well as other files in the users’ home directories that affect the operation of the service, if they are found to threaten the operation or safety of the service or the data protection of the users. If a possible change cannot be made without losing the changes the user has made, the old version created by the user is transferred under a different name and the user is notified of the change.
- check that common disk regions do not contain files that are illegal or threaten the operation or safety of the service or the data protection of the users. Such files include, for example, malware, recordings that violate copyright, or data specified as illegal in the Criminal Code of Finland.
- automatically or manually delete files in disk regions intended for temporary storage based on predetermined principles. The deletion principles must be available to users, but the users do not need to be notified of deletions in accordance with the principles.
- Concerning services to which the Tampere University community does not have similar rights as to the services it produces, the administrator has the right to ask the service provider to carry out the aforementioned measures.
Processing directory structures, filenames, dates of changes made, size and security level as well as other information on the file is part of normal management, which is carried out in accordance with good information management practice.
If the security of a file or directory is too weak compared to its nature, the administrator has the right to change the security to the appropriate level.
The administrator is under the obligation of secrecy. In taking care of management tasks, the aim is to ensure that the names of files and similar items are not exposed unnecessarily. For example, if file lists are needed for handling problem cases, the text ‘-private-’ or some other text in accordance with the practice agreed upon is printed instead of those user file names that are not connected to the issue being dealt with.
The administrator specifies which software is available in the service. Software can be prohibited or removed from use if its use is not necessary for the operation of the Tampere University community and it poses a threat to safety or the service level. The decision is made by the supervisor of the unit managing the service.
The administrator monitors the software being run in the services as a part of normal management.
The administrator can change the priority of a process being run, if it consumes an unreasonable amount of the service’s resources.
The administrator can terminate the process if:
- the functioning of the process is clearly disturbed
- the process causes extra load that impedes the functioning of the rest of the service
- the process is not justified with regard to the operation of the Tampere University community
- the process is linked to software, the use of which is against the rules and instructions issued by the administrator
- the process endangers data protection or information security
The user is notified of the process being terminated and the cause of termination.
The Tampere University community’s communication network administrator monitors the traffic in the network and the external connections in order to ensure safety and a reasonable service level, and to enable the use of external connections.
When monitoring traffic, the amount of traffic and the operating methods are observed primarily. Content monitoring is only possible in exceptional cases in compliance with the valid legislation.
The monitoring of source and target devices is statistical, and it is not focused on individual users. However, traffic can also be monitored more carefully with regard to an individual service when investigating traffic-related deviations, such as the cause of a particularly high load. Automatic intrusion detection systems can analyse all traffic.
The administrator can contact the person responsible for a device that has caused a large amount of traffic or some other deviation in order to investigate a potential incident or misuse.
The administrator responsible for the device or part of network must be contacted without delay after the traffic has been blocked.
The Tampere University community’s services record log data in order to document the operation of the service, investigate potential incidents or misuse, and collect invoicing information. The log data may constitute a personal data file. A personal data file is handled in accordance with the legislation on data protection.
The administrator must be familiar with the Tampere University community’s policy on logs and the related instructions.
The service provider or producer must take care of making backups of its services. The backups must be stored appropriately, and the administrator must ensure that the backups are legible. The information on the backups must be handled in accordance with the same principles as similar information in the information systems. Backups must be destroyed in a way that does not endanger the confidentiality of the information they contain.
5 Other provisions
This document will be revised as and when needed, so that it will correspond to the valid services and legislation.
Substantial changes will be processed in a cooperation procedure.
The information security manager of the Tampere University community is responsible for the content and maintenance of this Policy.
Information on the amendments will be provided via the normal channels of communication, and not personally.
Permission for exceptions to the Policy can be granted for compelling reasons upon written application. The information management of the Tampere University community is responsible for monitoring the Policy together with the service owner and provider.
The permit may include additional terms and conditions, restrictions and responsibilities.
The responsibility for the supervision of this Policy is determined in the Information Security and Data Protection Policies of the Tampere University community.
The valid legislation is followed in the operation of the Tampere University community.