The ICT regulations for the University of Bergen
UiB takes data protection and data security seriously. All our
employees and students complete a basic course in these two topics.
Click here to enroll
The ICT regulations for the University of Bergen
Adopted by the University’s Board on 3/12/09, and last amended on
This is the unofficial translation. The Norwegian text is the formally
The purpose of the ICT regulations is to regulate the use of the
University of Bergen’s (UiB) information and communication technology
facilities (ICT facilities).
All the equipment, digital information systems and services used for
information management and communication are defined as ICT
The regulations apply:
• To all students, employees and others (such as external users, hired
personnel and guests), from now referred to as users, who are granted
access to ICT facilities at UiB.
• To any use of the ICT facilities at the University of Bergen and all
the equipment that connects to it.
• To the users private ICT systems and other ICT facilities to the
extent that they are used for performing tasks for the institution,
irrespective of whether the facilities are located on the premises of
the institution or not.
• To private equipment that connects to ICT facilities at UiB.
3 Access to the ICT facilities
Students and staff have a user account at UiB. A user account consists
of a username, password, home directory, and an email box. Others can
be granted access to ICT facilities as per a sanctioned requirement.
The system owner authorizes access to the various systems and
The students’ user accounts are inactivated two months after they have
completed their studies. A notification of blockage is sent one month
in advance. Employees’ user accounts are inactivated upon termination
of employment. A notification is sent one month before the end date.
Pensioners at UiB can apply to keep their user account with a changed
Others with access to the ICT facilities are inactivated when their
affiliation with UiB ends, or when the approved time expires.
User accounts are automatically deleted six months after their access
to the ICT facilities has been inactivated and the content has been
stored in the backup system for one year.
In the case of death, the user account will be inactivated. The
account is deleted after six months unless public authorities have
demanded access, or the estate of the deceased person upon probate has
applied for the right to the material.
4 Use of the ICT facilities
The ICT facilities shall be used to perform tasks related to UiB’s
business. The ICT facilities shall be applied in a way that does not
violate the law, regulations or UiB’s internal rules.
The users are obliged to prevent others from accessing their user
account. Users are not to seek to gain access to the user accounts of
Users are obliged to preventing unauthorized persons from gaining
access to the ICT facilities at UiB, including access to rooms where
ICT equipment is available. Without permission, it is prohibited for
users to change, modify or otherwise cause the ICT facilities to
operate differently than provided.
Users are obliged to respect copyright or similar rights to software,
services and other digital information such as images, music, film
Users are obliged not to use the ICT facilities in a manner, which
could expose UiB to a substantial loss of reputation.
Users are obliged to report issues that can affect the ICT facilities
security or integrity immediately to the IT department.
5 Activity log and control
The ICT facilities include solutions for logging of activities and
backup, among other things, in order to document offences or
discrepancies from internal rules and procedures, but also to
detect/discover security breaches in ICT facilities. The IT department
is primarily responsible for controlling access to network and general
ICT services at UiB, as well as for portable equipment and equipment
(owned by UiB) used outside of UiB.
6 Access to Information
In certain circumstances, UIB has the right to access an employee’s
email box, etc. cf. Regulations pertaining to the Work Environment
Act, cf. the General Data Protection Regulation article 88. The
regulations refer to the employer’s right of access to the email of
employee’s, and the rules cover, if applicable, the university’s
access to students’ email cf. the regulations section 9-1, clause 5.
For others who gain access to ICT facilities of UiB, UiB is entitled
to the same right of access as that of employees.
The following sections use the term «employee» from the regulations,
but the term also includes other users.
The email box means the email box that the employer has made available
for the employee’s use in their work at UIB. The rules apply similarly
to the employer’s access for searching and access in the employee’s
personal area in UIB’s computer network and other electronic
communications media or electronic equipment that the employer has
made available for the employee’s use in their work at UIB. The
provisions also apply to the employer’s access into the information
that the employee has deleted from the named areas, but which is
stored in backup copies or similar to which the employer has access.
Access can be carried out into ICT facilities that are not at the
disposal of UiB but which in general are covered by the ICT
regulations. The conditions for – and the procedures on access will
form the basis as far as they are appropriate.
6.1 Conditions for access
UiB has the right to search, open or read e-mail in the employee’s
• When it is necessary to ensure the daily operations or other
legitimate interests of UIB.
• Upon suspicion that the employee’s use of the mailbox is leading to
a serious breach of their obligations as per their conditions of work
or which can provide a basis for termination or dismissal.
6.2 Procedures for access
The employee will as far as possible be notified and given the
opportunity to make a statement before UiB conducts their access. In
the notification, UiB will justify the reason why the conditions are
deemed to be met and will inform the employee, as far as possible,
that they will be given the opportunity to be present when the access
is being carried out and that the person concerned has the right to
assist the spokesperson or another representative.
If the inspection is made without prior notice, the employee will be
given a written report as soon as the inspection has been conducted. The
information will, in addition to the facts about why UiB considered that
the conditions of access have been met, contain particulars about the
method of access used, which emails or other documents were opened and
the results of the access, cf. the Regulations on Employer’s access,
The exceptions from the right to information in the Personal Data Act
Section 16. apply accordingly. The exception also applies to any
The audit must be conducted in such a way that the data as far as
possible is not altered and that the information retrieved can be
If access to the email box shows that documentation is not available for
which the employer has the right to access, the email box and its
documents will be closed immediately. Any copies will be deleted.
A request for access into an employee’s email box will be advanced by
the senior manager (of the institute, faculty or section in the
central administration) in consultation with the HR Department and the
An application for access into a student’s email mailbox will be
advanced by the head of the faculty in consultation with the Education
Department and the current system owner.
The decision for access will be made by the university’s director.
In the case of death, the university director can decide to carry out an
access to find the business-related e-mail. Such access will be carried
out in cooperation between the unit’s manager and the HR Department.
UiB can give access to information, to logs and backup copies, to public
authorities when there is a legal basis in law or the regulations, as
well as by a decision of the court.
Violations of the regulation’s provisions can result in the user being
denied access to all or part of UIB’s ICT facilities. In addition,
there may be notifications that can lead to sanctions in accordance
with other rules, such as disciplinary actions as per the Norwegian
Civil Servants Act, or an exclusion from studies and exams in
accordance with the Universities and Colleges Act for the liability
for damages, criminal liability etc.
Temporary suspensions of up to 14 working days will be able to be
decided upon by the senior manager at the unit following consultation
with the system owner. The HR Department should be notified
immediately if the exclusion applies to an employee. Exclusions beyond
14 working days will be decided upon by the University’s director.
Temporary exclusions can be made on the justified suspicion that:
• The user has committed serious violations or
• The user or the user’s ICT equipment constitutes a significant
threat to information security.
In the assessment, emphasis will be placed on the seriousness of the
violation, and whether the user has previously violated the regulations,
which consequences an exclusion will have for the user and the
Any complaint of the decision struck under the legal authority of the
Civil Servants Act, the Universities and Colleges Act and the
Administrative Act is pursuant to these laws concerning the complaint.