Acceptable Use Policy for Electronic Resources, Services and Communication Infrastructure

Purpose

The purpose of this document is to define the Acceptable Use Policy for Electronic Resources, Services and Communication Infrastructure of Universidade Católica Portuguesa (hereinafter referred to as UCP).


Scope

The scope of this document aims at the correct and responsible use of the information systems and the entire technological platform that supports UCP activity, email service, wired and wireless communication infrastructure of UCP and computational resources and electronic services connected to the UCP communication infrastructure.


Recipients

This policy is applicable to:

  • Students from different study cycles, Erasmus, mobility students and Alumni;
  • Teachers and researchers;
  • Non-teaching and non-research workers;
  • Scholarship holders with a contractual relationship with the UCP;
  • Other people with a temporary link with the UCP;
  • National or international users accredited by Eduroam.


Security Policies

The security policy is based on UCP's internal policy and current legislation, incorrect use and violation of its services and resources is subject to disciplinary and/or criminal proceedings.


Incident Reporting

Incidents must be reported to the UCP Helpdesk by the quickest means (e.g., in person, telephone, e-mail). Helpdesk contacts are:

Phone: 309 100 110
Email: helpdesk@ucp.pt

In situations involving personal data, the Data Protection Officer must be notified in accordance with the provisions of the UCP Data Breach Policy.


Users

• The user must ensure that their devices are properly protected against computer attacks, e.g., security updates of the operating system and the antivirus system.

• The user, when temporarily absent from his workstation, must lock the screen.

• The user must not provide access to UCP's electronic data and services to unauthorized persons.

• Information relating to the UCP and accessed on shared devices must be deleted from them as soon as they become unnecessary.

• The devices provided by the UCP are for academic use, being used for purposes related to the UCP and educational use.


Online

• Passwords assigned by UCP to access the web portal and support platform must be changed according to the frequency established by the UCP, they must meet several complexity criteria such as having at least 10 characters, uppercase, lowercase and numeric characters.

• Passwords must not be shared with third parties and must be safeguarded.

• The mailbox assigned by the UCP services to any member of the academic community has purely academic use, and therefore must not be used for any other purposes.

• The user must not provide personal data or credentials via e-mail, telephone or any other means, nor click on links or open attachments sent by unknown and/or suspicious senders.

• You must not install software that is unauthorized or from untrustworthy sources.


Monitoring and record keeping

In compliance with the respective legal and statutory obligations, UCP monitors and records the use of the technological infrastructures under its management, namely, with the aim of keeping records considered necessary for the correct technical support of the equipment and guaranteeing the security of UCP's infrastructures. Such monitoring will be carried out in strict compliance with the interests of the organization and its users.

Within the scope of monitoring, UCP ensures non-interference in electronic communications protected by cryptographic algorithms, respecting the rights, as well as the privacy and freedom of its users.

UCP collects data regarding the use of infrastructures in a pseudonymised form, comprising only the data necessary for the previously identified purposes. Within the scope of some services, more data may be processed, with the user being informed in advance of the additional data in the conditions of use for each service.

In the absence of another retention period defined in the service's own conditions of use or by legal imposition, the records will be kept for a maximum period of 24 months.

Access to these records by any person external to the UCP is expressly prohibited. Access by UCP technicians is only authorized as part of the infrastructure security monitoring process or in exceptional and justified situations for technical reasons or compliance with legal obligations.

Privacy and personal data processing

UCP, within the scope of the pursuit of this Policy and attributions, collects personal data from users during the use of its infrastructures.

UCP guarantees strict compliance with current legislation on data protection and privacy, as well as guiding its activity by guaranteeing the rights and freedoms of users, in accordance with its Privacy Policy and its Code of Ethics.


Responsibility

UCP does not assume any responsibility for the use of its infrastructures when this involves any action contrary to the law, the statutes and these provisions, with such responsibility resting with the users.


Amendments to the Acceptable Use Policy for Electronic Resources and Services and Communication Infrastructure

UCP reserves the right, at any time, to make adjustments or changes to this Policy for the Acceptable Use of Electronic Resources and Services and Communication Infrastructure, these changes being duly publicized.

Regarding the collection and use of technical information, websites may use cookies, namely session cookies.

Technical information will only be used for statistical purposes.


Changes to the Privacy Policy

UCP reserves the right, at any time, to make adjustments or changes to the Privacy Policy, these changes being duly publicized.

UCP reserves the right to:

• Audit network and electronic services to validate the defined usage policies.

• Carry out monitoring/auditing actions of network and electronic services, for the purposes of security and service maintenance, by authorized personnel and without jeopardizing the confidentiality of information.

• Analyze any complaints about non-compliance with the provisions of this document. If these are valid, the entities involved will be notified and must immediately rectify their situation. In extreme cases, and in order to avoid major damage, UCP may unilaterally block institutional accounts, mailboxes, access to network and electronic services or temporarily disconnect the electronic equipment of a natural or legal person. In such situations, UCP will make every effort to inform the entities involved before putting into practice the actions previously described. The processes considered more critical will be made known to the Rectory.