IT Security policy

Contact
  1. Danish Technological Institute
  2. IT Security policy
Peter Vendelboe Hjortshøj

Your Contact

Contact me

Indtast venligst et validt navn
Or your phone number
?
Thank you for your message
Vi beklager

På grund af en teknisk fejl kan din henvendelse desværre ikke modtages i øjeblikket. Du er velkommen til at skrive en mail til Send e-mail eller ringe til +45 72 20 33 33.

IT Security policy

As an IT user, there are some important points you should be aware of, these can be found below.

Please feel free to forward our IT Security policy to customers, external partners, authorities etc. 

IT Security policy v3 2009

299 KB pdf

Using IT Systems
We always expect users of our IT systems to show consideration to others, and have a sense of responsibility. All activities should be work-related.

In addition, we have the following guidelines:

E-mail

  • The Institute’s mail system should not be used to propagate material of an offensive, religious or political nature, and it is forbidden to send spam, such as chain letters.
  • All mail will be stored, and can be accessed by our IT department if required if technical problems arise.
  • It is not allowed to forward internal mail to private mail addresses and similar places outside the Institute.
  • The Institute’s mail system can be used for private mail to a limited extent.
  • It is not allowed to send any mail to our customers and partners containing unsolicited promotional messages, special offers, newsletters and similar material without their prior permission.

Internet

  • Use of Internet-based services, such as communities, social networks, file-sharing and other group-based services for work-related purposes, must have prior approval by the Chief Technical Officer. Private and work-related spheres should be kept strictly separate.
  • The Institute’s computers should not be used to download and / or copy games, unlicensed music or software, or other material of an offensive, religious or political nature.

Data and Equipment
All information should be kept on the Institute’s servers and networks. Transfer of company information to hard drive or portable data media/equipment/devices is only allowed in the form of copying, and should not include confidential or sensitive personal information.

  • In cases where material is prepared when not connected to the Institute’s networks, the material should be copied to the Institute’s systems and networks at the earliest opportunity.
  • The PC’s should be locked when left alone (Windows button and L), and be shut down when the workday is over.
  • PC’s, mobile phones, and other data media/equipment/devices should be handed in to IT to be wiped before it is passed on to another employee.
  • The employees can only download and install programs on the Institute’s workstations if these programs are necessary for the review of specific information or to perform daily tasks.
  • The IT department reserves the right at all times to deny the user access to the network if installed software is considered a security risk, or if it is in breach of licensing regulations.

Network

  • Only equipment approved by the IT department and containing official security software may be connected to the Institute’s networks.
  • Installation of VPN software must be on equipment approved by the IT department.
  • Passwords to networks are private and should never be shared.
  • Only employees who have been assigned initials can access the Institute’s networks. Guests are not allowed to use the Institute’s networks, but a guest account valid for 8 hours can be issued on the wireless network. Guest accounts can only be issued by employees of the Institute.
  • The IT department reserves the right at all times and without warning to shut down systems on all networks for security reasons.
  • All activities on networks and systems are registered and archived.

Inactivity (the 3-Month Rule)

  • If you do not log on to the network for a period of three months, your network account will be blocked.
  • If VPN is not used for a period of three months, your VPN account will be blocked.
  • Network sockets will be closed if they are not use for a period of three months.
  • PC’s and other hardware will be rejected by the network if there has been no connection for a period of three months. Re-activation will only take place after the equipment has been updated.
  • After three months non-payment of salary (temporary employees) the network account will be blocked.

Breach of the Danish Technological Institute’s IT Security policy can affect the terms of employment, and in certain cases will result in a police report.