Regulation 16-001: The use of Information and Communication Technology ( ICT) resources at the University
Appendix A – “Rules of Conduct and Use of ICT Resources."
Appendix B – “Declaration of Commitment."
Appendix C – “Guarantee of Confidentiality."
Appendix D – “Hosting External Websites on BGU Servers."
Link: “The Law for the Protection of Privacy."
Link: Regulation 03-003 “The Committee for the Security of Computerized Information Systems."
ICT play a major role in scientific and academic work at the University. BGU's ICT resources are intended to serve the University community in reaching its teaching, research and administrative goals. The Computation Center is responsible for controlling the use of these ICT resources, securing information and its ongoing flow in the communications network, and preventing the unauthorized use of these resources.
ICT resources are limited and serve a wide audience. These resources must be used in accordance with the law, wisely, frugally and reasonably, in such a manner that does not interfere with the proper and ongoing work of other users. Compliance with these ethical rules is crucial to the normal functioning of the BGU I systems.
2. The goal
The purpose of this regulation is to establish rules for the management and efficient use of the computerization services at the University.
3.1 ICT resources – all the means that the university provides to its users, including: computers, computing equipment, digital communications and software.
3.2 The user – anyone who actively uses ICT resources.
3.3 Authorized use – use by anyone authorized by the University for the purpose for which he was authorized.
3.4 Data security – protection of data, software and hardware, including denial of unauthorized access.
3.5 Advertising – any message having a commercial intent, the goal of which is to encourage the purchase of a product or service or to in any way encourage the expenditure of money.
3.6 Database – a collection of data, stored on magnetic or optical means intended for computerized processing, with the exception of data gathered for personal use, not for business purposes. A collection of data that includes only names, addresses and contact information, which does not in itself create a characterization that infringes the privacy of persons whose names are included therein, provided that the owner of the collection or the corporation under his control has no additional collection.
3.7 Sensitive information – data regarding an individual's: personality, privacy, health condition, economic condition, professional credentials, personal opinions and beliefs, as well as information that the Minister of Justice has stipulated as being sensitive.
3.8 Digital information – images, files and anything stored on digital media.
3.9 Communications equipment - communications equipment includes all the active components of communications network that connect between all the computing resources, including, among others: communication switches, routers, wireless access points, as well as communication lines, between the BGU network and other, external communication networks.
3.10 Organizational document – a document that has organizational significance and must be later retrieved by various additional parties within the organization (e.g., organizational guidelines, contracts and regulations).
4. Content of the regulation
4.1 Authorization of the use of ICT services
4.1.1 BGU intends the use of its ICT resources to be for teaching, research and administrative purposes.
4.1.2 Those authorized to use these ICT services are:
a. members of the academic, administrative and technical staffs.
b. BGU students.
c. other 'guests' that have been authorized by the Deputy Director General, Head of Computing and Information Systems Division.
4.1.3 Use of the BGU ICT resources must be in accordance with the laws of the State of Israel (especially under the Protection of Privacy Law, 1981 and the Computers Law, 1995, as well as Amendment 40 to the communication Law, also known as the “The Spam Act") in addition to the specific BGU regulations in this document that are updated continuously on the BGU website.
4.1.4 The use of BGU ICT resources is subject to a one-time, electronic confirmation of a “Declaration of Obligations." (see Appendix B) and involves identification by means of personal authorization details. Each user must make an electronic declaration and accept the obligation to act in accordance with the aforementioned “Declaration of Obligations," prior to use of the ICT resources. It is hereby clarified that even those who have not electronically authorized to act in accordance with the “Declaration of Obligations", the use of BGU ICT resources constitutes an electronic confirmation of the agreement to act in accordance with the “Declaration of Obligations".
4.2 Password protection and confidentiality
4.2.1 Authorization credentials to use ICT resources are personal and confidential and may not be given to anyone except the owner. The Computation Center may take action against anyone who infringes upon the above regulations, including by blocking the possibility of using the ICT resources.
4.2.2 In exceptional cases, as it sees fit, the Computation Center may authorize a shared group E-mail.
4.2.3 Users are responsible for maintaining the confidentiality of their passwords and using it according to BGU regulations and the instructions of the Computation Center.
4.2.4 Users must change their passwords at least once a year.
4.2.5 Additional security instructions and guidelines, including those for laptops, are occasionally provided by the Computation Center and they are binding on the users either from the date of their publication or from a later date given in those instructions.
4.3 Connecting servers and computers to the network
Use of BGU ICT resources is made possible through computers and servers installed and connected by a wide communications network. Each computer or server connected to the network is a Node.
4.3.1 The Computation Center is responsible for controlling the use of computer resources, securing information and its ongoing flow in communications network, and preventing the unauthorized use of these resources.
4.3.2 It is forbidden to attach switches, routers or wireless access points ( network devices ) to the BGU communications network (even in the BGU dormitories) without a written approval by the Computation Center.
4.3.3 A user may apply in writing to the Head of Communications section in the Computation Center for permission to attach personal network device to BGU network.
4.4 Software support services from external programmers via remote control
The following are the detailed conditions for the use of external remote-control programs:
a. Permission for remote control will be granted after the approval of the Computation Center.
b. The BGU user receiving this service is responsible to ensure that the supplier signs the BGU “Guarantee of Confidentiality" form.
c. The connection should be made via the VPN services of the Computation Center, after establishing an external user credentials in accordance with the guidelines of the Computation Center, while using a smart I.D. card (e.g., Secure-ID).
d. The BGU user receiving this service is responsible for confirming that each connection is made in coordination with him.
e. A control program in the hands of a BGU user may be activated only after coordination with the supplier and only for the duration of the required service.
f. The BGU user receiving this service must be physically present near the computer systems throughout the duration of the service and must confirm that the service was rendered as per his requirements and the takeover software is activated only during that time period.
4.5 E-mail, dissemination of information, protection and security
4.5.1 The Computing and Information Systems Division assigns an organizational Email box to each member of the BGU staff and student for the purpose of managing official correspondence with the University.
a. Various BGU units manage the correspondence with the students regarding student administration: tuition fees, class schedule changes, exams, lecturers' announcements, study assignments, administrative announcements, and more, via the BGU E-mail. The students must review this mailbox at least once a week.
b. Members of the BGU staffs are required to review the contents of their BGU mailboxes at reasonable intervals.
4.5.2 The dissemination of 'junk mail' or 'chain letters' is strictly forbidden.
4.5.3 Sending out mass E-mailings (not invited by the recipients) is only permitted when the data being disseminated is both required and directly related to BGU activities. It is completely forbidden to send out mass E-mails for personal, public or political reasons.
4.5.4 The dissemination of 'advertisements':
a. It is completely forbidden to send out advertisements via BGU resources, unless they serve the work needs of the University.
b. It is completely forbidden to send out advertisements via BGU resources, for purposes of personal gain or commercial profit.
c. The distribution of an E-mail containing an advertising is subject to “Guidelines for Sending E-mails" following the Amendment to “The Communications Law" (“The Spam Law").
4.5.5 Whenever advertising is sent out to individuals, bodies or companies within the framework of BGU work needs, it is obligatory to write “Advertisement" in the E-mail header. It is also required to add, at the bottom of the advertisement, the name and address of the sender, and to allow its recipient the option of being removed from that mailing list. The Computation Center backs-up all the data in the organizational E-mail systems (except for post.bgu.ac.il). Valuable information, not stored on the Computation Center's servers must be saved in no less than two back-up copies, each at a separate storage site.
4.5.6 Antivirus protection
The installation of antivirus software with constant updates can help users to protect the data stored on the computers in their possession from viruses, malfunctions and loss of data. All users who have personal computers must install and update antivirus software. (See “Installation Guidelines" on the Internet website of the Computing and Information Systems Division.
4.6 Internet websites
4.6.1 The establishment of Internet websites on BGU servers and the use of the bgu.ac.il domain name is reserved solely for BGU units.
The hosting of external sites on BGU servers is conditional upon receipt of prior written approval from either the Rector, the Vice-President, or the Director-General. Such a request should be submitted to the Deputy Director General, Head of Computing and Information Systems Division, for an analysis of its significance and referral to the appropriate parties for approval; this is submitted by means of a form (see Appendix D) entitled “Instructions for External Websites Hosted on BGU Servers."
4.6.2 Anyone who uploads content and/or information onto BGU websites is liable, among other things, for the following:
a. copyright will not be infringed.
b. It is forbidden to upload information that violates state laws and regulations, especially “The Protection of Privacy Law."
c. The publication of offensive material in different populations should be avoided.
d. It is forbidden to do so for personal gain or to promote political or other propaganda.
e. It is forbidden to link to an external websites that does not meet BGU criteria, as stated above.
4.7 Information confidentiality and security
4.7.1 Any BGU staff member who has a computer with confidential data on it must ensure the accuracy, security and back-up of the information. For relevant guidance, please see the unit's designated 'IT person' or the Computing and Information Systems Division staff.
4.7.2 Staff members are not allowed to store digital copies of forthcoming exams/quizzes on BGU servers (except the only one secured server which is specially designed for it) or external systems, such as E-mail clouds or other cloud storage. This instruction does not apply to their personal computers.
4.7.3 (update 01/2018) It is obligatory to store organizational documents in one of the means offered by BGU for their safe storage, for example on computation center or departmental shared and managed storage devices or document management systems.
4.7.4 Improvement of information security by means of security cards
It is now possible to improve information security by the use of security cards (e.g., Secure-ID). For relevant guidance, please see the unit's 'IT person' or the Computing and Information Systems Division staff.
4.8 Sensitive or confidential information
4.8.1 As described above in section 3 (“Definitions"), the use of 'information or 'sensitive information' in databases is subject to the “Protection of Privacy Law"
and is contingent upon the written approval of the database manager. It is forbidden to transmit such data (partially or entirely) from a registered database to any other party, except in accordance with the relevant laws, as presented in “The Law for the Protection of Privacy." When in doubt, one should consult with the BGU Legal Advisor.
4.8.2 Every unit or staff member keeping private or sensitive information is bound by the “Protection of Privacy Law" and must register the databases with the Database Registrar at the Department of Justice. More information can be found on the Computer and Information Division website in the menu of procedures. For detailed explanations and instructions please contact the Computation Center director.
4.8.3 It is the responsibility of every BGU unit that is assisted by external support, to provide the external parties with 'guest authorizations' via the Computation Center and to have these external parties sign the “Guarantee of Confidentiality" (see Appendix C).
4.8.4 To the extent that these external parties require access to data located in databases (and in accordance with “The Protection of Privacy Law"), database managers are required to have them sign the “Regulation for Handling Sensitive Data."
5. Responsibility for implementation
5.1 The Computing and Information Systems Division is responsible for maintaining and updating of this regulation, as well as the ongoing operation and supervision of the use of the BGU ICT resources.
5.2 The Information Systems Security Committee is in charge of matters of policy regarding the issues relevant to this regulation, in conjunction with the Committee for ICT Policy (see link).
5.3 The individual user must follow the BGU rules, regulations and ethics, regularly published by the Computation Center and abide by “The Protection of Privacy Law" (see link).
6. Applicability: This regulation is valid from the date of its publication.
Vice-President and Director-General
APPENDIX A – 16-001A: Rules of Behavior and the Use of Digital Teleprocessing Resources
1. It is forbidden to disrupt the proper functioning of the computer, interfere with its use or delete, alter, disrupt or interfere with the use of computer materials.
2. It is forbidden to transfer, store on a computer or perform any action whatsoever that may result false data or false outputs.
3. It is forbidden to illegally hack into computerized materials. Do not read or copy information without the permission of the owner of the information.
4. By law, any unsanctioned connection to a computer is a crime.
5. It is forbidden to edit and/or disseminate software that may cause damage to a computer or to computer materials (e.g., computer viruses).
6. It is forbidden to use BGU resources to harm others.
7. It is prohibited to use and/or distribute materials protected by copyright law or some other type of license without prior permission of its owner(s).
8. It is forbidden to carry out any actions that violate the state laws and regulations, particularly “The Protection of Privacy Law."
9. Vandalism corruption and pranks are forbidden.
10. It is forbidden to distribute inflammatory materials and/or announcements having a defamatory or harassing nature against any entity whatsoever, at BGU or elsewhere.
11. The use of these BGU resources for personal or commercial gain, or for political propaganda is strictly forbidden.
12. Harming the University or its reputation is forbidden.
13. It is forbidden to connect any external website to any site of BGU, in case the external site include information that violates one or more of BGU's ethical rules.
14. It is forbidden to connect any network equipment, such as switches, routers or wireless access points to the BGU communications network (even in the BGU dormitories) without prior authorization by the Computation Center.
15. It is forbidden to perform actions such as seeking illicit backdoor access or network scanning, as well as being completely forbidden to locate and/or take advantage of computer loopholes at BGU or elsewhere.
16. It is totally forbidden to send 'junk mail'.
17. It is totally forbidden to tap BGU communication network.
18. Do not store or copy digital data onto the BGU ICT resources, which is copyright protected, without a legally obtained permit. Getting such a permit is the responsibility of the user who wishes to store or copy that information.
19. Course registration must be done by the students themselves, interactively. It is totally forbidden to use the simulated, interactive registration programs ('robot' programs) to register.
20. Any student who encounters criminal use of the BGU ICT resources or discovers deviations from these rules and regulations is requested to report it to the Office of the Computation Center Department.
APPENDIX B – 16-001B: Declaration of Obligations
I hereby declare and undertake the following obligations:
1. To use the BGU ICT resources and BGU's databases in accordance with the law, especially following “The Computers Law" and “The Protection of Privacy Law" as well as following the University's regulations and rules as they are published from time to time by the Computation Center at regulations for the staff members.
2. To use the BGU computer resources and databases only for my work purposes/my University studies. I am aware that I will be personally liable for any deviant use I make of them.
3a. I shall maintain absolute confidentiality, regarding all the information that reaches me during my use of the BGU ICT resources during my work and/or by any other means, including all personal data, as defined by “The Protection of Privacy Law."
3b. I shall not make use of such information for any purpose other than meeting my BGU work goals. I am aware that any unauthorized use or dissemination of information towards other purposes, against these instructions, will be considered a breach of trust and a serious infraction of the obligation of loyalty to the University; as such, I will stand accused of a serious disciplinary crime at the workplace.
4. I shall take all the necessary means and measures to ensure strict and complete preservation of the information (as stated in section 3 above).
5. As stated in section 3 above, for all intents and purposes, my obligations extend throughout the duration of my work at BGU and even after my job has been completed.
6. I will not enter any databases and/or computer accounts at BGU or elsewhere for which I do not have legal access authorization (i.e., without permission or due authority); I will not take advantage of my access to the BGU ICT resources outside the sphere of my work for the purpose of disrupting datums or corrupting computer software.
7. I know that BGU forbids the use of computer programming packages contrary to the instructions regarding copyright law.
8. I will not use software packages on the BGU computers, nor digital information items of any kind, that have been illegally copied and/or were received in any manner that infringes on copyrights.
9. I am aware that BGU may become exposed to law suits, expensive damage claims and serious harm to its reputation, should I breach my aforementioned obligations. As such, I hereby accept the obligation to reimburse the University for any and all damages and/or expenses caused as a result of my infractions.
10. I hereby declare that when I retire/complete my job at BGU, I will transfer all the organizational materials that I amassed on my BGU E-mail, within the purview of my position, to my superior, making no more use of them.
11. I hereby make a commitment to uphold the following demands on the computer in my possession:
a. to install the most up-to-date version of antivirus programming.
b. to install all the critical security patches in the operating systems. I am fully aware that non-compliance with these demands may be followed by the temporary detachment of my computer from the BGU network.
In attestation thereof, my signature follows:
Date Signature Department Full name I.D. no.
APPENDIX C – 16-001C: “Guarantee of Confidentiality"
We, the undersigned, being authorized to sign and commit in the name of the ___________________ company (henceforth: “the Company"), within the framework of providing __________________services to Ben-Gurion University of the Negev (henceforth: “Services"), do, hereby, affirm this affidavit, as follows:
1. We guarantee that the Company will protect the complete confidentiality of everything related to the information it receives or is aware of, while providing its Services, and that the Company will not transfer, reveal or publish any of these information or documents it has received to any third party without first obtaining authorization to do so from the authorized p at BGU. Without derogating from the generality of the aforeaid, the term 'information' includes, among other things, information and knowledge relating to BGU administrators, employees, students, suppliers, clients, activities and work methods.
2. The Company will use all the means necessary to meticulously and completely protect the aforementioned information (section 1 above).
3. The Company's undertaking and guarantee (as stated in section 1 above) is also binding in regard to other BGU employees whose work is not related to the contents of the aforementioned information.
4. This Company's undertaking and guarantee (again, as stated in section 1 above) is valid and binding not only throughout the duration of the provision of Services to BGU, but also after their completion, for all intents and purposes.
5. The Company will not assign any of its employees or agents to render Services on its behalf before first submitting its written and signed guarantee (identical to this document). In any case, any infraction by the Company or its employees/agents of the aforementioned obligations during the duration of the Services and after its termination will be considered breaches of this undertaking and guarantee by the Company.
6. We know that any infraction of this undertaking and guarantee is a basic breach of the Company's agreement with BGU and, as such, the Company will compensate BGU for any and all damages caused to BGU by the infraction:
As confirmed by our signature on (DD/MM/YYYY) ________________
APPENDIX D – 16-001D: Instructions for External Websites Hosted on BGU Servers
The following are instructions for external websites being hosted on BGU servers.
The hosting of website external to BGU (henceforth: “Website") on BGU servers (henceforth: “Servers") located on BGU property and/or on a communications network maintained by BGU and/or using a BGU IP address require advanced written authorization from either the BGU Rector or the BGU Director-General. The owners of such Websites and/or their operators must, at all times, undertake to comply with all the following requirements:
1. Whomever maintains such Website must be authorized by BGU to do so and must be given permits to operate on the BGU servers and network and on the partition where those Websites are hosted.
2. These Website must meet the technological and information security requirements, as determined from time to time by the University.
3. These Website may not include advertising.
4. All the expenses for the registration of such Website, their operation, their hosting on the Servers and any other related expenses, belong to the Website owners and/or operators.
5. The content of the Website (including software) may not include illegal materials; and/or cause infractions of copyrights; and/or contain commercial symbols or trademarks. Their contents must neither infringe nor breach the rights of any individual or entity, including BGU.
6. Any content that BGU require be removed from these Website, for any reason it sees fit, must be removed during a period that may not exceed 32 hours from the time the request is received. Such requests do not provide just cause for legal claims or suits by any entity or individual against BGU or its representatives in regard to the removal of said material from the Servers or network.
7. BGU may, at any time, remove the Website or block access to it, for any reason it sees fit. This does not provide just cause for legal claims or suits by any entity or individual against BGU or its representatives in regard to the removal of said Website or the aforementioned blockage of access to it.
8. On the Homepages of such Website, the following statement must appear:
“This website is hosted on a Ben-Gurion University of the Negev server, but is not owned by BGU. Sole responsibility for all the contents of this website and anything it cause belongs to its owner(s) and/or its operator(s) alone."
9. The homepages of the hosted website must include links to this “Regulation."
10. BGU has the right, from time to time, to change or add to these regulations and instructions, as it sees fit. The Website owners and/or their operators guarantee that they will uphold all the relevant instructions given to them by BGU.
11. In addition to the above, the Website owners and/or their operators affirm that they will meet all the legal requirements for operating these Website and its contents. The Website owners and/or their operators are exclusively liable (under civil and/or criminal law) for everything related to the contents of their Website.
12. Should BGU be asked to meet any expenses incurred by such Website, the Website owners and/or their operators accept the obligation to refund BGU for those expenditures caused by BGU's connection to their Websites.
Affirmation by a Website owner and/or operator:
I, the undersigned, do hereby affirm that I have read this document (Regulation), that the conditions for hosting my Website on the BGU Servers or Network are clear to me, and that I guarantee that I will act in accordance with the instructions herein.
Name of the Website being hosted or of an owner/operator: __________________________
Name of the hosting Server: ___________________________
Name of the hosting BGU unit: _______________________________________
Role of the undersigned: _________________________
Name of the undersigned: _________________________
I.D. number undersigned: ____________________
Date (DD/MM/YY): __________
Authorization for hosting the above Website on a Server, granted by the BGU Rector/BGU Director-General:
Date (DD/MM/YY) and Signature