Mouloud Mammeri University, Tizi-Ouzou

IT Security Charter



The Université Mouloud Mammeri de Tizi-Ouzou provides users with IT resources to enable them to carry out their assigned tasks. Improper use of these resources increases the risk of compromising the security of the university's information system.

Each faculty and vice-rectorate appoints an IT manager. These IT specialists, under the supervision of the Centre des Systèmes et Réseaux, form the university's IT security unit. It is chaired by the CISO (Information Systems Security Manager).

Article 1: Purpose

The purpose of this charter is to define the terms and conditions for using the IT resources of the Université Mouloud Mammeri de Tizi-Ouzou. It also defines the security rules that users must respect.

Article 2: Scope of application

The present charter applies to all persons who have permanent or temporary access to the IT resources of the Université Mouloud Mammeri de Tizi-Ouzou, using university or personal equipment.
The CISO, the Centre des Systèmes et Réseaux and faculty IT staff are responsible for enforcing the charter.

Article 3: Ownership of computer resources

All computer resources made available to users are the exclusive property of the Université Mouloud Mammeri de Tizi-Ouzou.

Article 4: Conditions of access to resources and the computer network

All access to the resources and web platforms of the Université Mouloud Mammeri de Tizi-Ouzou is subject to a prior authentication procedure.
All users are solely responsible for their publications on the web.

Article 5: User responsibility

The user is solely responsible for all use of the authentication means made available to him by the Université Mouloud Mammeri de Tizi-Ouzou.
The user is required to change his passwords as soon as he logs on to the platforms for the first time.

Article 6: Protection of means of authentication

In order to preserve the means of authentication made available to him/her, the user must:
- Ensure the protection and preservation of his/her secret authentication information;
- Change his/her secret authentication information periodically;
- Use passwords of at least twelve characters made up of letters, numbers and special characters.
It is strictly forbidden to communicate his/her secret authentication information to third parties.

Article 7: Use of computer resources

- The computer resources of the Université Mouloud Mammeri de Tizi-Ouzou may only be used for purposes directly related to the user's professional activities at UMMTO;
- The user must preserve the computer resources and means made available to him or her;
- The user is not authorized to install, uninstall or deploy applications or software on the computer resources made available to him or her without prior authorization.

Article 8: Obligations of the organization towards users

The organization must:
- Provide users with the IT resources they need to carry out their tasks;
- Guarantee the proper operation and availability of IT resources;
- Maintain the quality of service provided to users within the limits of the resources allocated;
- Inform users of the procedures and policies applicable to IT resources;
- Implement the necessary means to ensure the confidentiality and integrity of users' documents and electronic exchanges;
- Inform users that activities on the network and systems are subject to automated monitoring;
- Raise users' awareness of IT security risks.

Article 9: User obligations

The user must:
- Comply with the laws and regulations in force;
- Comply with this charter and the University's various procedures and policies;
- Scrupulously apply the University's computer security measures and guidelines;
- Not use or attempt to use the accounts of others;
- Immediately report any suspicious operation or security incident.

Article 10: Workstation security and protection

The user must scrupulously observe the following security instructions:
- Lock access to the workstation in the event of absence, even temporary;
- Alert technical services if new equipment connected to the workstation is discovered;
- Ensure that the workstation is equipped with antivirus software, and inform the appropriate department of any security alerts;
- Never connect personal equipment to the workstation;
- Scan all removable media connected to the workstation before using them;
- Switch off the computer during periods of prolonged inactivity (night, weekend, vacation, etc.);
- Do not physically intervene on the hardware (opening the computer case, etc.).

Article 11: Use of professional electronic mail

The Université Mouloud Mammeri de Tizi-Ouzou provides students, teachers and ATS staff with professional e-mail accounts in the domain, enabling them to send and receive professional e-mail messages.
Professional e-mail accounts are also created for scientific events and UMMTO administrative services.
The use of professional e-mail is mandatory for professional activities at UMMTO.
Professional e-mail may only be used for professional, educational or research purposes. To this end, it is strictly forbidden to:
- Use it to register on social networks, forums and websites;
- Open attachments and/or hypertext links sent from unknown e-mail addresses;
- Open the professional mailbox from public Internet access areas, in particular cybercafés.
When the user's tasks require registration on social networks, forums or websites, a dedicated e-mail address is allocated to him/her after approval from the appropriate authority.
The user must be vigilant when using e-mail, ensuring that:
- The recipient's address is correctly formulated;
- The recipient is authorized to access the content transmitted;
- The correct attachments have been attached to the document.
The professional accounts of departments (deanery, services, vice-rectorates, etc.) are the property of the department. Each outgoing manager must pass on his/her login details to his/her successor without deleting any account data. This operation must be recorded in the handover protocol.

Article 12: Use of the Internet

Users with access to the Internet agree to the following:
- Use of the Internet is limited to teaching, learning or professional purposes. Exploration of the Internet for personal purposes is, however, tolerated, but must in no way impair the proper functioning of the network or the user's productivity. It must take place exclusively outside working hours;
- Internet access may not be used for the prohibited purposes described below;
- Accessing sites with illegal content is strictly forbidden;
- Accessing torrent download sites or using bandwidth-hogging tools is strictly forbidden;
- The university network must not be overloaded;
- Caution must be exercised when downloading files, and downloaded files must be scanned with an antivirus program.

The university's bandwidth is distributed equitably between its various services. However, part of the bandwidth may be required for important operations, such as the registration of new baccalaureate holders.

Article 13: Use of the distance learning platform

The Université Mouloud Mammeri de Tizi-Ouzou has a distance-learning platform managed by the Centre des Systèmes et Réseaux. Faculty IT specialists have administrator access to manage their parts of this platform.
All lecturers and students at the University have an account on the distance-learning platform.
These users are responsible for the data they publish on this platform.
Published data must be solely educational in nature; its content remains the property of its author. Plagiarism of any kind is forbidden, and the person responsible bears the consequences.

Article 14: The university's institutional repository

Teachers' and students' theses and dissertations, as well as abstracts, are published on the university's institutional repository (DSpace). This data can then be consulted online on the university's web platforms.

Article 15: Mobile devices and storage media

The user must:
- Immediately report any loss or theft of a mobile device or professional storage medium to management;
- Lock mobile devices containing professional data when they are not in use;
- Formally prohibit anyone from outside UMMTO from transferring documents via removable media; all document exchanges must be carried out by e-mail. If the volume of data requires the use of removable media, these must be analyzed by the relevant departments before use;
- Encrypt confidential data contained in mobile devices and storage media;
- Keep mobile devices and removable storage media with you when travelling on business.

Article 16: Security measures to be taken when traveling abroad

- The employee must keep his or her professional terminal and storage media with him or her at all times;
- The employee must delete all sensitive professional data, not required for the mission, from all removable media before any trip abroad;
- He or she must inform his or her superiors and the Algerian diplomatic representation in the event of inspection or seizure of computer equipment by foreign authorities during missions abroad;
- It is forbidden to use, for professional purposes, equipment received as a gift during a trip abroad;
- He/she must list in mission reports the connected devices received as gifts during the trip;
- It is strictly forbidden for a foreigner to transfer documents via removable storage media. Any exchange of documents must take place exclusively by e-mail;
- The employee must change the passwords used during the mission.

Article 17: Termination of the relationship between the user and UMMTO

- When the relationship between the user and the University comes to an end, the user must return to the organization all the material IT resources made available to him/her;
- The University will remove all the user's logical access to the IT resources made available to him/her.
- Professional e-mail accounts will remain operational even after the user has left.

Article 18: Incident management

In the event of an incident that could affect IT security, the organization may:
- Disconnect a user, with or without prior notice depending on the seriousness of the situation;
- Isolate or temporarily neutralize any data or file that contravenes the charter or jeopardizes the security of information systems;
- Notify the faculty IT manager, the Centre des Systèmes et Réseaux or the CISO.

Article 19: Non-compliance with the charter

Failure to comply with the rules set out in the present charter may result in the user being held liable, and disciplinary measures being taken against him or her in proportion to the seriousness of the offence.
Subject to informing the line manager, IT security managers may:
- Warn a user;
- Temporarily restrict or withdraw a user's access;
- Delete, compress or isolate any data or files that contravene the charter or jeopardize the security of information systems.
Without prejudice to disciplinary sanctions, anyone contravening the provisions of the present charter may be prosecuted.

Article 20: Coming into force

This Charter comes into force as soon as it is published on the university website. It is displayed during authentication to the university's local network and notified to users by professional e-mail.

All users of the University network must comply with the terms of this charter.
