See Cybersafety

Policy and Legislation

Preface

On the university's network and when using other IT services at the university, everyone must comply with the applicable legislation, codes of conduct and the policy that the university has established.

Below you will initially find the policy and the codes of conduct and guidelines drawn up and adopted by the university. Of these, the Information Security Policy and the Privacy Policy are particularly important. Furthermore, students and employees must be familiar with the relevant Code of Conduct for ICT and Internet use. These codes of conduct also apply to guests.

The other policy documents and codes of conduct go deeper into specific situations. If you recognize yourself in such a situation, take note of the relevant document.

Below you will also find links to national and international legislation concerning cyber security and privacy. These can be found under the heading 'National and international legislation'.

Nationally, a number of codes of conduct have been drawn up for researchers. These have such a big impact that they are also explicitly mentioned here under the heading 'National codes of conduct'.

Access to the network and services is only possible with an account. By default, students and staff receive an ICT account that is issued under the responsibility of CES and HR respectively. They determine when someone is entitled to an account and when the account is canceled.

Guests with a so-called eduroam account can also use the network of the university. Guests without such an account can ask their host for an account for the wireless network (EVA, Eduroam Visitor Access). Guest accounts with access to more IT services are also possible under certain conditions. For further explanation you can contact the services ABC.

University of Twente policy and codes of conduct

The UT has defined agreements and applications in policy and codes of conduct.

These are aimed at creating an environment with responsible and secure ICT and internet use on the one hand and maintaining sufficient privacy of the user on the other. In addition, standards have been drawn up that contribute to user-friendliness, recognisability and unambiguity in the use of websites, e-mail addresses and file sharing across various devices (such as laptop, telephone, USB stick or hard disk) or applications.

Policy on information security
Policy on information security
The approach to information security is based on the University’s information security policy. Responsibility for information security lies primarily with the heads of department, who determine, for example, which measures need to be taken, and who ensure these are implemented and maintained. However, everyone bears responsibility for information security. Everyone is expected to make an active contribution to the safety of computerized systems and the information stored in them.
Privacy policy
Privacy policy
The privacy policy regulates the protection of processing in which personal data is recorded. Within the framework of current legislation and regulations, responsibilities and roles are being defined which are necessary to protect the privacy of everyone involved at the University of Twente.
CCTV Monitoring Regulations
CCTV Monitoring Regulations
These Regulations describe the purpose for which security cameras are used by the university and regulates how the images are used and stored to limit where possible the invasion of privacy of those concerned.
Rules for use of other cameras
Rules for use of other cameras
Recordings are not only made for security purposes, but may also be carried out for other reasons. These recordings may be made by the University of Twente itself, but also by anyone present on the university’s site. This document describes the rules to which these recordings are bound.
Regulations for redundant personal electronic equipment (E-waste regulations)
Regulations for redundant personal electronic equipment (E-waste regulations)
These regulations specify how devices that have become redundant can be disposed of in a socially responsible way. In order of appropriateness, devices are either reused in a relevant way within the University of Twente or by university staff, donated for social purposes or disposed of responsibly to be recycled.
Responsible disclosure
Responsible disclosure
The Responsible disclosure policy explains what we expect from you when you have found a weakness in our systems. It also describes how we deal with this and what you can expect from us.
Classification guideline
Classification guideline
We work with information and computerized information systems that must be protected. Protection is provided at the level appropriate to the risks posed for the information in question. The higher the risk, the better the information must be protected. The Classification guideline supervises the process of classification used to determine those risks. These are based on three aspects. 1. Availability: ensuring that authorized users have access to information and related facilities, in time and at the right moments. 2. Integrity: ensuring the accuracy and completeness of information and processing. 3. Confidentiality: ensuring that information is only accessible to authorized persons (only available in Dutch).
Password policy
Password policy
The password policy describes the criteria the password must meet and how these were arrived at.
Use of own devices and applications
Use of own devices and applications
While providing standard workplaces, the University of Twente also facilitates the use of own equipment and applications. This memo explains the implications for the support provided and the costs and remunerations. The consequences for information security are also clarified.
Student code of conduct for IT and internet use
Student code of conduct for IT and internet use
The code of conduct sets out regulations on responsible IT and internet use by students and the way in which checks take place. It aims to achieve a balance between the interests of the University of Twente and the freedom to use IT and internet facilities by the students.
Staff code of conduct for IT and internet use
Staff code of conduct for IT and internet use
The code of conduct sets out regulations on responsible IT and internet use by staff and the way in which checks take place. It aims to achieve a balance between the interests of the University of Twente and the freedom to use IT and internet facilities by staff.
Software licences
Software licences
This policy memo sets the framework for purchasing and managing software and the underlying processes. It not only relates to the purchase of new software, but also to requests for software through the University of Twente’s webshop (only available in Dutch).
Code of integrity for IT STAFF
Code of integrity for IT STAFF
Due to their far-reaching rights, IT staff can collect privacy-sensitive data. This document includes the ethical values and code of conduct to which they are held, in order to prevent abuse (only available in Dutch).
IT facilities for former university staff and students regulations
IT facilities for former university staff and students regulations
The IT facilities and user period for former university staff and students are set down in this document (only available in Dutch).
National Codes of Conduct

In addition to legislation and specific UT codes of conduct, there are national codes of conduct for the protection of reserach details.

Scientific research involving the processing of personal data is covered by the General Data Protection Regulation. When the research extends to medical personal data, adjacent legislation such as the Medical Research Act also applies. This means that the use of data must meet extra conditions. In order to help researchers to act in accordance with this legislation, national special codes of conduct have been drawn up. Click on the links below for these codes:

Have you seen or experienced something that doesn't add up?
Report an incident