Sikkerhetsinstruks | Helse, miljø og sikkerhet - Ansatt

Security instructions

Security instructions

Here are rules concerning safeguarding of people, information and material values at OsloMet.
Published
Latest update

Version 1.1. Approved by IT Director.

Security at OsloMet

1.1. Peace, order and threatening situations
1.2. Emergency preparedness
1.3. Fire
1.4. Physically securing OsloMet's premises
1.5. Reporting criminal offences
1.6. Security incidents and breaches
1.7. Duty of confidentiality and declaration of confidentiality

Processing information at OsloMet

2.1.  Laws and regulations
2.2.  Deviations
2.3.  Safeguarding, storing and classifying data
2.4.  Archiving and keeping records
2.5.  Processing sensitive (confidential) information
2.6.  Who owns the information and the results?
2.7.  Personal data and privacy
2.8.  E-mail
2.9.  Calendar
2.10.  IT equipment and deleting information
2.11.  After you leave OsloMet
2.12.  Print, paper documents shredding
2.13.  Using IT systems, software and networks
2.14.  User account, password and authentication
2.15.  Remote access to OsloMet's systems
2.16.  Connecting with private equipment on OsloMet's premises

Contents

1.1. Peace, order and threatening situations

  • Peace and order shall be maintained in the working and study premises. 
  • Everyone shall feel safe at OsloMet. Aggressive or threatening behaviour is not acceptable. If you end up in a threatening  situation:
    • Keep calm without provoking. If the situation escalates, withdraw from the situation.
    • If you need assistance from a security guard, call 40 911 000.
    • In case of serious violent and threatening situations, notify the police immediately by calling 112.
    • OsloMet would like to know about these situations also after they have happened. Please notify OsloMet by sending an e-mail to sikkerhet@oslomet.no.

1.2. Emergency preparedness

  • Notify OsloMet's Emergency Preparedness Unit in the event of serious incidents or situations that may escalate. Call 40 911 000 (24 hours).
  • For emergency assistance abroad in the event of serious incidents, call the local emergency number (Store it in your telephone before starting your journey).
  • If you need assistance abroad, call the Norwegian Church Abroad emergency phone number: +47 95 11 91 81. The Church has agreed to assist OsloMets students and staff in emergencies. (You can download an app with the Norwegian Church Abroad's emergency phone number before travelling).

1.3. Fire

When the alarm sounds, you must:

  1. close all windows and doors in your area.
  2. follow the instructions given by the floor manager, superior, and/or the fire department.
  3. leave the building through the nearest emergency exit and proceed to the meeting point.

If you discover a fire, you must:

  1. alert everyone in the area, set off the fire alarm, and call 110
  2. rescue people who need help to evacuate the building
  3. extinguish the fire if you are able to
  4. evacuate via the nearest emergency exit

You must help prevent fires:

  • The use of candles and open flames is prohibited. This also applies to flares on the outside of buildings. The only exception applies to serviced areas: Fyrhuset café, Festsalen in Pilestredet 52, and laboratory areas that are approved for this purpose. For large events at Kjeller Campus or for special occasions such as ceremonies to mark a death, permission to use candles may be applied for by contacting bie@oslomet.no.
  • Electrical equipment:
    • Coffee makers/kettles must only be used with fixed timers.
    • Waffle irons, toasters, hobs, microwave ovens and other equipment must not be used without special permission from the Head of Physical Safety and Fire Prevention (contact bie@oslomet.no).
    • Extra heaters must not be used. If you want to raise the temperature in a room, contact bie@oslomet.no
  • You must not cover or disconnect fire alarms, fire detectors or sprinkler systems.
  • Keep escape routes free of clutter – avoid storing anything in or by designated escape routes.
  • The use of door wedges, etc. to keep doors open is prohibited, because this will prevent them from automatically closing in the event of fire. Closed doors prevent smoke and fire from spreading.
  • If you discover matters affecting fire safety, contact drift@oslomet.no

  • You are required to complete this e-learning course about fire prevention as soon as possible after joining OsloMet. It can be found at sikresiden.no

1.4. Physically securing OsloMet's premises

  • If you need to contact a security guard, call 40 911 000.
  • Admission cards/student ID cards are personal and must not be lent to others. Your code must be stored separately from the card. Always carry the card when on OsloMet's premises.
  • Do not permit people access to locked areas if you do not know that they are permitted to have access.
  • Latched doors must normally be kept closed and must always be closed before you leave at the end of the day. For fire safety reasons, door wedges, etc. must never be used to hold doors open. Windows must always be closed before you leave at the end of the day and when the premises are left empty during daytime.
  • If you lose your keys, immediately contact Brukerstøtte i Eiendom: bie@oslomet.no. If you lose your admission card, immediately order a new one on your user account, and the old card will be deactivated.
  • Documents or equipment containing sensitive information should be locked away and not be left accessible in OsloMet's premises when not in use. This also applies to offices that are locked.
  • Take good care of equipment/items that might be attractive to steal. Do not leave such objects unattended in public areas or classrooms. Remember that equipment may also contain information that you would not want to lose or let others have access to.
  • When you leave/are no longer an active student, your admission card will be deactivated. You must return keys to the reception in P46 (Pilestredet Campus) or at the reception at Kjeller Campus. You must return any equipment borrowed from OsloMet. IT equipment must be returned to IT Service Desk.

More about securing OsloMet's premises.

1.5. Reporting criminal offences

  • You are solely responsible for reporting thefts of and criminal damage to your property on OsloMet's premises.
  • All cases of burglary, theft, and vandalism perpetrated against OsloMet property will be reported.
  • We want to be notified of all criminal offences committed on OsloMet's premises. If you become aware of such cases, notify sikkerhet@oslomet.no. If your report contains sensitive information, please do not send this information in an e-mail. Ask for an appointment with OsloMet’s contact person for the police.

1.6. Security incidents and breaches

If you have questions or know something that can be significant for the safety at OsloMet, please send an e-mail to sikkerhet@oslomet.no. E-mails are only processed during office hours. NB! Do not send sensitive information in an e-mail. Ask for a meeting instead

Abour reporting security incidents and breaches.

1.7. Duty of confidentiality and declaration of confidentiality

  • Everyone who signs the declaration of confidentiality is obligated to make themselves familiar with what this entails.
  • The person responsible for the research project /practical training or immediate superiors must ensure that the necessary confidentiality agreements are signed and filed.
  • The duty of confidentiality also applies after you leave OsloMet.

About the duty of confidentiality and the declaration of confidentiality at OsloMet.

Safeguarding information

2.1. Laws and regulations

OsloMet is subject to Norwegian legislation and national security authorities. Amongst these are the European regulations on privacy, the Personal Information Act and the Act relating to national security. Legal orders and revisions of legislation can lead to changes in these instructions on short notice.

In accordance with Norwegian legislation, you may not post confidential information, personal data without consent, material protected by copyright without permission, defamatory accusations, racist remarks, or threats or representations of sexual abuse of children.

The purpose of these security instructions is to summarize the most important security aspects employees and students need to know when working and studying at OsloMet. These instructions are subject to OsloMets policy and guidelines for security, information security and privacy (NO).

2.2. Deviations

All deviations from relevant laws and regulations on information security as well as from these instructions, must be reported.

Please acquaint yourself with the routine for reporting deviations.

2.3. Safeguarding, storing and classifying data

  • Information and data, including personal data and special categories of personal data must be classified and stored in an appropriate manner, in accordance with OsloMets recommendations. 

  • You must have an awareness of the value of the information you process.

  • You must know whether any legal requirements apply to the information you process, and you must comply with such requirements.

  • You must know who you share the information with and that they are authorized to share the content.

  • You must know where you store the information and that it is sufficiently secured relative to its value and using the storing locations recommended by OsloMet.

  • Be conscious of what information you possess that could be misused by others. Apply sound skepticism, and be conscious of the different ways you may be tricked (e.g. by phishing, social manipulation, identity theft, and malware).

  • Familiarize yourself with the training material on fraud and hacking at sikresiden.no. Take Please pay attention to service notifications and relevant information from OsloMet.

2.4. Archiving and keeping records

  • Employees must see to that all information used in case handling and is valuable for documentation purposes, is registered and stored in OsloMet’s archiving system (Public360)

2.5. Processing sensitive (confidential) information

Confidential information and sensitive personal data (NO) must always be stored and sent encrypted.  It is your responsibility to ensure that the systems or equipment you use have built-in encryption. Is not, you must actively encrypt the information yourself.

Familiarize yourself with OsloMets list of approved storage options and routines for sending confidential information.

Familiarize yourself with OsloMets routines for encryption.

Confidential information must be deleted or shredded before the storage medium is discarded or repaired.

Confidential information is subject to duty of confidentiality.

2.6. Who owns the information and the results?

Questions of ownership of information may be regulated by law, be determined by an agreement, or assessed based on what assignments you have had at OsloMet and what investments OsloMet has made.

You may not use information belonging to OsloMet for private commercial purposes unless OsloMet has signed an agreement transferring the rights for commercial purposes.

You must not copy personal data or sensitive information that is collected or produced through your studies or work at OsloMet unless this has been cleared with the programme coordinator/immediate superior and a written agreement has been signed stating how it should be stored, used, and deleted.

Material protected by copyright may only be used, made available and distributed under an agreement with the licensee.

The information asset owner at OsloMet must ensure that the information is correctly processed according to its value and in compliance with laws and regulations.

2.7. Personal data and privacy

All personal data must be processed with caution, while sensitive personal data must be processed according to highly restrictive rules.

If you process personal data in connection with your studies or research or in other job contexts, your teacher/project manager/superior must provide you with the necessary training.

You are personally responsible for ensuring that you process personal data in accordance with the current procedures that apply for the data you are processing. If you have any questions, ask your teacher/project manager/superior.

Please read the Privacy policy at OsloMet. Familiarize yourself with the most important responsibilities for your role as described on the webpage for privacy and information security.

2.8. E-mail

All students and employees have a personal e-mail address: username@oslomet.no or firstname.lastname@oslomet.no. This address shall mainly be used in connection with correspondence related to studies/work.

You are expected to read your e-mail to catch important messages. Students are expected to stay updated  on information published in StudentWeb and Canvas.

Sensitive (confidential) information must be sent encrypted. Familiarize yourself with how to send information securely.

Bulk e-mail must only be used for dissemination of academic or administrative information that is relevant for the recipients on the address list. It must not be used for the purposes of exchanging opinions, marketing, or buying/selling. See rules for bulk e-mails at OsloMet. (NO)

Private/social e-mail communication, invitations, events, etc. may be distributed via bulk e-mail if an event is relevant for the recipients on the address list.

2.9. Calendar

Avoid entering private or sensitive information in calendars or as attachments to meetings. Such entries can be read by others.

Using calendar at OsloMet.(NO)

2.10. IT equipment and deleting information

  • Before equipment/media are sent for repair, handed over to others or discarded, all sensitive information must be deleted using the proper deletion software. The computer's regular deletion function is inadequate. Equipment must be returned to IT Service Desk for disposal or reinstallation.
  • If the equipment you return to IT Service Desk contains internal or sensitive information, you must always indicate this on the form that must be completed when returning the equipment. IT Service Desk will then delete such information in a proper manner before discarding the equipment. Memory cards and memory sticks including internal or sensitive information must be handed over to IT Service Desk for destruction if they are not to be reused by the exact same person(s).

About deleting and shredding av OsloMet. (NO)

2.11. After you leave OsloMet


When you leave OsloMet your user account is closed immediately. It will be deleted along with email and other information after 185 days (for employees) or 60 days (for students)

Before you leave OsloMet and your user account is deleted, you are personally responsible for removing information that belongs to you. Transfer OsloMet's information to the right location (archive, project, immediate manager or other.

IT equipment that is acquired and used for your employment relationship with OsloMet, is to be handed over to the IT service desk when you leave.

IT equipment that is acquired and used for your employment relationship with OsloMet cannot be purchased from OsloMet.

 

2.12. Print, paper documents and shredding

Sensitive paper documents must be securely locked away when you leave your office.

Paper documents containing sensitive information must not be disposed of in trash cans. They must always be destroyed in a shredder or be put in the plastic padlocked containers marked “Norsk Gjenvinning og sikkerhetsmakulering» (Norwegian Recycling and Secure Shredding). You will find these on different locations on the campuses.

2.13. Using IT systems, software and networks

  • OsloMet's IT systems shall mainly be used for purposes of study, teaching, research, administration or organizational work for associations that are relevant to studies or work.

  • The IT systems must not be used in ways that generate expenses for OsloMet unless expressly agreed in writing in advance with the IT department and the budget officer.

  • Clarify the need for a data processor agreement, licenses and acquisition before implementing new systems, applications or software. Employees must follow the rules for clarifying and assess these needs and order software from IT Service Desk. Licensed software must be distributed or installed by the IT department.

  • Show caution when using open wireless networks, as everything you transmit, including username and password, is easy to monitor. Always use VPN when using open wireless networks.

  • Assess apps before installing them, and delete the ones you do not use, Be aware of what you give apps access to. You should realize that apps can harvest information from your device without asking you or informing you.

Guidelines on using IT equipment and mobile devices at OsloMet.(NO)

2.14. User account, password and authentication

Never give anyone your password and never log on to OsloMet’s systems with somebody else’s password. If someone knows your password, you must change it.
​​​​​​
The password you use at OsloMet must never be used elsewhere, e.g. on Facebook og Gmail.
The password must be at least 16 characters long. Use normal words and sentences that are easy to remember, but it’s difficult to guess how they are put together.
​​​​​​​Always lock your computer or log off when leaving it in a room where others have access to, even if you are just popping out for a few minutes.
​​​​​​​Cell phones or tablets you use for study or work purposes must be protected with a personal screen lock.
​​​​​​​Two-factor authentication (aka multi-factor authentication) is a compulsory security measure that must be utilized when logging on to OsloMet’s digital services. Read more about multi-factor authentication.

Everything you need to know about username and password (employees)

Guidelines on IT user account and passwords (NO)

2.15. Remote access to OsloMet’s systems

  • Use OsloMet’s VPN solution when working or studying away from campus. This applies to computers, laptops, cell phones or tablets.
  • Remote access to OsloMet's system must only occur via the security solutions provided by IT Service Desk
  • Remote access must only be activated from trusted machines (equipment owned by OsloMet or personal equipment which only you use and control). You must not activate connections from random machines in internet cafés, hotel lobbies, etc.
  • Do not leave your computer unlocked when you are logged on, and log off when you are inactive.
  • Equipment owned by OsloMet must not be used by others, such as family members.
  • Central administrative systems must only be used from equipment owned by OsloMet and in accordance with OsloMet's guidelines for using the systems.
  • Avoid enabling people around you to view your screen, for example on a train.

VPN connections

Guidelines on using IT equipment and mobile devices at OsloMet (NO)

Guidelines for laptops at OsloMet (NO)

Are you going to acquire a new application or IT system?

2.16. Connecting with private equipment from OsloMet's premises

Connecting to the network: As a rule, you must connect to the wireless network, Eduroam. Network cables are available in classrooms for connecting private equipment. Connecting private equipment to cabled networks is not permitted in other rooms. If cable connection is necessary in special circumstances, such as during conferences, etc., contact itservicedesk@oslomet.no.

Installations in the network: You may not set up separate installations in the network (such as a separate server or wireless base station). The Department of ICT is notified of abnormal use of the network. If you require additional services in the network, send a request to itservicedesk@oslomet.no.

Requirements for private equipment: Private equipment must be installed with the latest security updates and antivirus software. Laptops must have their firewall enabled. File-sharing programmes such as BitTorrent must be turned off. Exemptions may be granted by applying to itservicedesk@oslomet.no.

IP address: Use the IP address that is automatically generated by OsloMet. Use the standard settings and do not set a fixed IP address.
Guidelines for ICT equipment and using mobile devices at OsloMet.

Guidelines concerning ICT equipment and mobile devices at OsloMet.

In case of emergencies

In case of emergencies

Call the emergency services: Fire: 110 - Police: 112 - Ambulance: 113

Campus security at OsloMet

Phone :
40911000
24 hours:
Contact campus security

Help abroad

Phone :
+4795119181
Place/Address :
Contact Norwegian Church Abroad
Call the local emergency services. Contact your insurance company. Download the Norwegian Church Abroad app before you travel abroad.:
Url :
Norwegian Church Abroad

Contact

E-mail :

Questions or reports on unwanted incidents or deviations. NOTE! Do not submit sensitive personal data via e-mail, as it is not a secure channel. Ask for a meeting in stead. E-mails will be replied to during regular office hours.