Rules on computer use at RU
1. General points
1.1 Objectives and scope
The purpose of these rules is to inform users of the RU computer environment on how to handle digital content, e-mail, computer equipment, manage their internet use, and clarify how RU supervision and responsibility is carried out.
Each user (i.e. an individual who receives a username for RU computer environment) must use computer equipment responsibly and in accordance with these rules in order to ensure security and confidentiality. Users are also required to follow the rules and terms of RH-nets.
Users of the RU computer environment shall be aware of their obligations when processing personal data in accordance with laws and regulations on data protection and RU's privacy policy, which is available on RU’s website. When storing data, users must follow the instructions on data storage at RU.
2. Usage
The RU computer environment (i.e. all computer, software and hardware owned by RU, internet connections, network equipment, wireless networks, and network cables, as well as all domains, websites, computer systems and cloud services used in operations) shall be used in connection with work for RU. Digital content stored in the user's workspace and in the University's systems is the property of RU, unless these rules stipulate otherwise.
The intranet is a part of the RU computing environment and is only for students and staff. RU Guest Network is for other users.
2.1 Unauthorised use
The following is not permitted in the RU computer environment:
1. To install software other than that approved by IT for use, unless specifically approved by IT. However, IT may grant certain employees a temporary or permanent exemption when this is necessary due to their work duties, and this is recorded and traceable in IT’s ticket system.
2. To connect equipment with a remote connection (e.g. VPN) to the RU network in a manner other than those authorized by IT.
3. Using the RU computer environment to access and/or download electronic material that:
a. may contain illegal content and violates copyright laws and other applicable laws/regulations
b. is indecent
Unless this is part of projects or research of the employee or student concerned, and then in accordance with documented procedures.
4. To use RU's data storages for the storage of films, music and photographs intended for personal use.
5. To set up automatic forwarding of e-mail from the RU e-mail system, e.g. to the user's personal e-mail address.
6. Sending content that is unlawful, indecent, threatening, defamatory, hateful, encourages illegal activity or may give rise to a claim for damages against RU and/or User or others.
7. Opening attachments and links unless the user knows and trusts the sender due to the risk of malware. This does not apply to users who have received formal authorization for research or security testing, provided that such activities are carried out in accordance with documented procedures and appropriate security measures.
8. To identify or store digital content, documents, e-mails and other data relating solely to RU operations as private data.
9. Using a RU email address to log in and/or to access systems that are not run by the University,e.g. on social media.
10. Using unapproved data storage in cloud services for their work for RU. If there is any doubt as to whether the solution in question is permissible, please contact IT.
If there is a suspicion that information security is threatened in any way, e.g. if the user mistakenly accesses a website containing unauthorised content, opens attachments with malicious material, becomes aware of or suspects that an object has been accessed by the user's computer equipment, the user shall immediately notify IT via help@ru.is
2.2 Permitted private use
The use of the RU computer environment for personal use shall be kept to a minimum and must not constitute unauthorized use (see further section 2.1). Digital content is considered to be private if it is stored in folders where the name of the folder is identified in such a way that it is clearly indicated that the folder contains private data. RU is not responsible for users' private data.
The handling of the User's private data by RU shall be in accordance with Section 3.3 of this Regulation.
2.3 Access management and identity management
Users' access to the RU computer environment is controlled by an ID issued by IT. IT handles access management for the University's systems on behalf of those who are responsible for the data stored by the systems. Upon termination of employment or studies, IT deactivates access according to a notification from the HR system, or a request from a supervisor or departments.
An ID is only for the use of the user who it is assigned to, and the user is not permitted to allow others to use his/her ID. The user must ensure the secure use and storage of his/her ID. If a user suspects that the security of his/her ID is threatened, has been threatened or has fallen into the hands of an unauthorised person, he/she must change his/her password immediately and contact help@ru.is and/or the University's Data Protection Officer in personuvernd@ru.is.
Users should be careful not to use passwords to RU systems also in systems outside the University, such as on social media, as this increases the likelihood of unauthorized persons gaining access to RU systems.
Users shall to the best of their ability ensure the security of their identity by locking devices or logging out. Special care should be taken when using ID in cafeterias, airports, and other open spaces.
2.4 Handling of digital content
Digital content stored in the user's storage workspace and in the University's systems is the property of RU. All digital content is regularly scanned for virus infection to ensure information security. The scope and nature of digital material stored in the University's data areas is monitored.
E-mails, and their attachments, that relate to matters in a subjective manner shall be registered and stored in RU's records management system, see further information here.
Users shall only use software and cloud services approved by RU in their work. If the user deems another software or cloud service more suitable, he/she shall specifically justify this and obtain approval from his/her immediate supervisor and IT, but IT cannot provide advice or further services in relation to such software.
2.4.1 Handling of digital material at the end of employment or studies
Upon termination of employment, the user shall ensure that all work data, including e-mails and their attachments, are stored in central workspaces or, where applicable, in the RU records system.
Upon termination of employment or studies, the user's email address is closed within 2-4 weeks.
It is not permitted to turn on automatic forwarding of a user's e-mail after the end of employment or studies. Users are advised to set their e-mail inbox to automatically reply to all e-mail messages until the e-mail inbox is deleted, with a reminder that the user has retired and information about where to direct the message if requested. After the user has retired, his/her e-mail address may not be reused until 12 months after the e-mail address has been closed.
Upon termination of employment, the user is not permitted to delete or make copies of data from a computer environment, other than private data and published works, unless an agreement with a third party stipulates otherwise or in consultation with a supervisor. The user is given the option to back up private emails and private data. No later than 3 months after termination of employment or studies, the user's mailbox and workspace are deleted, along with all data stored there.
2.4.2 Security backup
RU backs up digital content stored in RU systems and in shared data spaces to ensure data security. Data is not copied from users' computer equipment, e.g. on a computer's c-drive.
2.5 Email addresses and shared mailboxes
The user is assigned an email address containing the first name and first letter of the father's name, according to the HR system. Employees can request access to shared RU mailboxes. Such a request must come from the appropriate supervisor.
2.6 Digital communication
Digital communication, e.g. through e-mail, communication systems, teleconferencing systems shall only take place in systems that have been approved by IT.
Employees should have a signature in their emails and a template for signatures can be found on the intranet. Personnel who send e-mails from shared mailboxes should generally include their signature.
The sender of an e-mail shall always check the recipient's e-mail address before sending an e-mail. If an e-mail containing personal information is sent to the wrong recipient, the University's Data Protection Officer must be informed, personuvernd@ru.is.
Online meetings organised by RU shall be created in approved teleconferencing solutions. Participation in meetings requested by external parties through other teleconferencing systems is permitted, but only through a web browser.
Each user is responsible for his/her own use of digital communication. The user must be careful in all digital communication. The user should also constantly be mindful of who he/she is communicating with during the communication, and not share information and attachments in his/her communication unnecessarily.
2.7 Management of IT systems
Users who may have extensive access to the RU computer environment due to their work must respect the confidentiality of their work in all respects and they are not permitted to study data and information that falls outside their scope of work.
Users who may have extensive access to the RU computer environment due to their work in the operation, maintenance, and service of systems are strictly prohibited from using their access to connect to the computer environment with the identities of other users, bypass access control, access control, and access and read digital content. The same applies to the examination of any information that may be stored in a computer environment regarding users' internet use and other their personal data, with the exception of the cases discussed in section 3.
If there is any suspicion that this rule has been violated, the person concerned shall act in accordance with chapter 4 of these rules.
2.8 Computer equipment management
IT management of computer equipment involves, among other things, ensuring that equipment is safe for use and that the equipment meets IT requirements for performance and quality. IT manages all computer equipment in the RU computer environment and replaces or blocks connections of unknown equipment or equipment that is deemed insecure or obsolete.
2.9 Software management
IT provides software for computer equipment managed by IT. IT staff is responsible for the installation of software. Users are allowed to install software authorized by IT. It is not permitted to install other software on RU computer equipment except in consultation with IT. IT management involves ensuring that requirements for security, privacy, valid licenses and general functionality of software are met. IT is authorised to monitor and inspect the installation of software and operating systems on equipment connected to the University's network for licensing purposes, security interests and to prevent the use of unwanted software.
2.11 Enhanced access rights to local admin
For security reasons, the rights users have to hardware owned by the University is limited. This is done, among other things, to limit the flow of bad weather through the school's systems, limit possible data leaks or the possibility of installing licensed software.
If a user believes that he/she needs to have increased rights to a machine owned by the University, the supervisor shall send a request to UT. The request shall state the reason for requesting increased rights. Before granting increased rights, IT shall endeavour to provide the services that increased rights require. If for some reason this is not possible, the user will be given consent that the person in question is aware of the responsibilities, obligations and risks of having increased rights. The manager of the user in question will then be notified of the costs incurred as a result of the increased rights of the user. Users who have increased rights will need to undergo training at least once a year, or as determined by IT.
3. Monitoring of use
3.1 Event Logging and Traceability
All use of equipment owned by the University, as well as use of the University's network, is identified to the user. Logging in and out of the school's computer equipment is monitored, which enables the school to see on the equipment in question which staff or students have used the school's equipment at what time.
The school monitors the use and amount of data on the school's network for the purpose of detecting whether abnormal traffic is present. Such an analysis is necessary for security reasons, but also to monitor that internet use is in accordance with the University's rules.
The University reserves the right to examine more detailed information on internet usage, connections and amount of data of individual users if there is reasonable suspicion that the person in question has violated applicable laws and regulations.
Data that is generated and related to event logging is access-controlled. A special examination of such data is only permitted when it is deemed necessary to trace events. RU reserves the right to have files reviewed if the operation of systems or security requires it. In the case of files containing private data, the user in question generally has the right to be present while the data is being reviewed, or to appoint another person in his place. However, this does not apply if there are compelling interests against waiting for the person in question, e.g. in cases where there is a serious failure of the computer system.
3.2 Supervision
Supervision of compliance with these rules is in the hands of the Director of IT and the person to whom he or she delegates such supervision and shall be in accordance with applicable laws and regulations at any given time.
Information obtained for monitoring in accordance with these Rules may only be used for the purpose of monitoring the RU computer environment and to monitor that internet and computer use is in accordance with University rules. They may not be disclosed or processed further without the consent of the user in question. However, it is permissible to hand over material containing information on alleged criminal offences, as well as to supervisory authorities authorised by law to request such documents, in which case care shall be taken to destroy other copies unless there are special legitimate interests to the contrary. It is also permissible to use data to define, present or defend a legal claim in connection with court proceedings and other pressing interests, e.g. in connection with dismissal from employment. Authorisation for delivery and access is, however, always subject to applicable laws and regulations at any given time. See section 4.1 for details.
A person who has been subject to supervision pursuant to this chapter has the right to inspect the data obtained about him in connection with monitoring. Such requests shall be directed to the Data Protection Officer, personuvernd@ru.is and shall have access to data in accordance with the provisions of the Data Protection Act.
3.3 Viewing digital content
At and after the end of employment, contract or study, RU is authorised to view digital material relating to the user in question and which is not considered to be the user's private data, cf. paragraph 2, section 2.6 of this Regulation.
Work- or study-related data may only be viewed if necessary for RU legitimate interests, e.g. to obtain data from them when a user is absent, has retired, died or suspicion has arisen of abuse or misconduct at work.
Inspection of digital content may only be carried out on the instructions of a supervisor and in accordance with IT’s procedures. However, the user must always first be given the opportunity to be present at the inspection or send someone to replace him. The user has the right to know who or who has viewed his/her data and what data is involved.
3.3.1 Viewing private e-mail and digital content privately owned by users
It is not permitted to view private e-mails or digital material in the private possession of users according to section 2.6 of this Regulation, except if absolutely necessary, due to a computer virus or similar technical incident. Such an inspection may only be carried out on the instructions of the Director of IT. Always try to get the user's consent if possible. If an employee refuses to give his/her consent, he/she shall nevertheless be given the opportunity to be present at the inspection. If the user is unable to attend the inspection himself/herself, he/she shall be given the opportunity to appoint another person in his/her place. However, this does not apply if there are compelling interests against waiting for the person in question, e.g. in the case of a serious malfunction of the computer system, and it is not considered that the privacy interests of the person in question outweigh them. The user must be informed of the inspection as soon as possible. The user always has the right to know who or who has viewed his/her data and what data is involved.
3.3.2 Inspection of network usage
Information about users' internet usage can be stored both on the school's servers and on each user's computer. It is not permitted to examine information specifically on the internet usage of an individual user unless there is reasonable suspicion that the user has violated applicable laws or school regulations (see section 4). If there is reason to investigate a criminal offence, the police shall be consulted.
4. Violation of rules
4.1 Procedure of violations
If there is any suspicion that a violation of these rules has been made, it shall be reported to the user's immediate superior, who shall decide on the continuation of the case, or the head of department, if the matter concerns a student.
4.2 Penalties for violation
Violation of these rules is considered a violation of employment and may result in dismissal in the case of repeated or serious violations. Violations of these rules by students may result in a reprimand or expulsion from studies in the case of repeated or serious violations.
5. Disclosure of information
These rules shall be published on the RU website and on the intranet of employees.
When users gain access to the University's computer environment, they shall be advised of these rules.
The parties that provide RU services to IT systems shall be informed of these rules, together with a confidentiality declaration that they sign.
6. Entry into force and revision of rules
These rules were established in September 2025. The rules and their implementation shall be reviewed and reassessed six months after their entry into force.
Approved by the RU executive council on September 26th, 2025
- Rules on computer use at RU (PDF)
- Criteria for the use of Artificial Intelligence in course assessment
- Rules
- Policies
- Strategies
- Regulations
- Accreditation
- General rules on study and assessment
- Final Exams – Important Rules
- Code of Conduct
- Conduct in open work areas, study rooms and project rooms
- Conduct in Classrooms
- Rules on submission of final theses at RU
- Advancement in BA and BSc studies and transfer of credits
- Rules on Postgraduate Studies
- Rules on Doctoral
- Code of Ethics
- Rules on RU Research Fund