Rules and Regulations


§ 1. Purpose and Scope

The Operating and User Regulations of the ICT and Digitalization (hereinafter referred to as “ICT”) pursuant to § 77(3) of the University Act of 1993 (UOG 1993) include guidelines for the use of ICT computer facilities, provisions regarding equipment, services, and the fee-based use of computer facilities. These Operating and Usage Regulations apply to all ICT staff and users. Furthermore, they apply mutatis mutandis, where applicable, to all university members and all university facilities, provided that these do not issue their own operating and usage regulations for their IT facilities.
 

§ 2. Management and Organization

The ICT shall be headed by a civil servant or a contract employee with relevant training. The Director of the ICT reports to the Rector of the University (§38(1)(3) and §52(3) UOG). The Director is responsible for planning the resources necessary for the ICT to fulfill its tasks (budget funds, staff positions, facilities) and for submitting relevant requests to the Rector. At the end of each fiscal year, the Director must submit an activity report to the Rector and the University Council, which in particular accounts for the allocation and expenditure of the budget funds allocated to the ICT. The Director is responsible for monitoring and ensuring compliance with the provisions of the Statutes and the Operating and Usage Regulations pertaining to the ICT. He or she is also responsible for allocating IT resources to users, granting user authorizations, and setting any applicable rates for the use of special IT facilities and equipment (see also BBO §13, paras. 2–4). The Director is responsible for supervising the staff assigned to the ICT. He or she must organize the work schedule and ensure the training and continuing education of his or her employees. In addition to the ICT management, the ICT is divided into the following departments: Server and Communication Systems, Client, User, and Software Services, and Information Systems. 
 

§ 3. Definitions

In addition to the definitions in § 3 of the DSG, these Operating and Usage Regulations use the following terms with the meanings set forth below:

IT facilities: IT facilities include, in particular, hardware, software, networks, information systems (including the applications of service facilities), and audiovisual and multimedia systems.
Users: This includes all university institutions and all university members, as well as external users, to the extent that they use the university’s IT facilities (see also BBO §7(1)).
Responsible Persons: Responsible persons are, in each case, the authorized signatories of the university institutions, unless other persons have been designated as responsible persons by these Operating and Usage Regulations or by other directives.
Employees: The term “employees” of a university facility refers to university members employed therein (pursuant to § 19 UOG 1993) and other service providers (e.g., under a contract for work, a freelance service contract, etc.).
Messages: The term “message(s)” refers to information and data of any kind intended for humans or machines. These may include text, characters, images, sounds, signals, and the like.
DSG: Data Protection Act, as amended.
IT: Information technology, synonymous with information processing in the form of information systems and technology
BBO: Operating and Usage Regulations
ICT: ICT and digitization pursuant to §77 UOG 93
 

§ 4. Responsibilities

The ICT is a service unit pursuant to § 77 of the University Act of 1993 (UOG 1993). The responsibilities of the ICT are set forth in the UOG 1993 and in the University’s bylaws. These include establishing and maintaining a high-performance network, communications, and computing infrastructure for information and data processing at the University’s facilities. In performing its duties, the ICT must, as a matter of principle, support the principles and duties of the university as set forth in § 1 UOG 1993.
 

§ 5. Resources

The ICT manages the centrally installed IT facilities (BBO §3(1)) as well as the rooms and personnel assigned to it. The management of the facilities includes resource planning, responsibility for their use and operational readiness, as well as for the procurement of necessary operating supplies. Personnel management includes responsibility within the scope of professional and administrative supervision.

The ICT may temporarily transfer equipment and rooms to a user for management within the framework of legal provisions, and likewise make personnel available for specific services. This transfer must be in writing and must in any case include the exact designation of the equipment, rooms, or persons, the location of installation or service, the name of the responsible user, and the duration of the transfer.

The ICT may assume the management of equipment, rooms, and personnel from users at their request within the framework of statutory provisions. The prerequisite for assuming management is the guarantee of fulfilling the tasks specified in § 4. This assumption of management must be in writing and must in any case include the exact description of the equipment, rooms, the location of installation or service, the scope of support, and the duration of the assumption.
 

§ 6. Functions

To coordinate matters related to information technology, the ICT shall, in particular, perform the following functions:

  • Conducting regular needs assessments to identify the future IT requirements of the Montanuniversität;
  • Developing medium-term concepts and project plans for the Montanuniversität’s information technology sector;
  • Coordinating the procurement of all IT equipment for the Montanuniversität;
  • Establishing standards to ensure compatibility, connectivity, interoperability, and the like.
  • The planning, creation, and maintenance of a high-performance network, communications, and computing infrastructure for the information and data processing of the university’s facilities includes, in particular, the following IT equipment:
  • Computer systems, information systems, database systems, workstations, servers, and peripherals in the central area;
  • Data network and telecommunications facilities up to the connection point;
  • The central telephone system, including end devices;
  • Computer workstations for teaching and administration;
  • Central software and campus licenses;
  • Audiovisual and computer-based media in central studios as well as in freely accessible rooms (auditorium, lecture halls);
  • Equipment available for loan for teaching and research purposes.
  • Consulting and support for all university departments in the planning, procurement, and operation of IT facilities, as well as in connecting to infrastructure facilities;
  • Creation, coordination, and operation of an automated information management system for the areas of administration and information and documentation management;
  • Development and provision of central database applications and tools to support all university members in automated administrative processes;
  • Advising university members on all matters related to information technology, as well as organizing and conducting courses, training sessions, and presentations on the use of IT facilities.
     

§ 7. Users

Users include university departments and university members to the extent that they use the university’s IT facilities and services, as well as those individuals and entities outside the Montanuniversität Leoben with whom a user relationship regarding IT facilities or services exists pursuant to statutory provisions or separate agreements.

Members of the Montanuniversität Leoben pursuant to § 19 UOG 1993 are entitled to use the IT facilities and services of the ICT for the fulfillment of their duties pursuant to § 1 UOG 1993.

University institutions within the scope of their partial legal capacity, as well as university members within the scope of § 20(6) UOG 1993, may make use of ICT facilities and services in accordance with the options offered by the Rector.

Subject to available capacity and the agreements entered into, other universities, colleges, ministries, and the Academy of Sciences, as well as their institutions, may also make use of the ICT’s IT facilities and services.

Furthermore, for the purposes of education, science, and culture, other persons and institutions outside the Montanuniversität Leoben may be permitted by the Director of the ICT to use the ICT’s IT facilities and services, subject to available capacity and agreement.
 

§ 8. Authorization to Use

All users of ICT computing facilities require an authorization to use issued by the ICT (BBO §2(4)), which is generally granted to specific user groups or upon written application for definable projects. Any request for resources of a particularly high quality or in particularly large quantities must be fully justified.

The user authorization expires upon completion of the relevant project, upon termination of university affiliation, upon cancellation or revocation of the user authorization, or upon suspension of service use for a period of at least one year. Upon expiration of the user authorization, all stored user data will be deleted. The user must be notified four weeks prior to the intended deletion.

Users who use allocated resources for purposes other than those described in the user registration or who cause usage unrelated to the project may have their user authorization revoked by the Director of ICT. This may also occur if a user utilizes IT resources in a manner that disrupts overall operations or uses resources in a manner inconsistent with the principles of efficiency, economy, and appropriateness.

This does not affect the provisions of administrative and criminal law, particularly those related to the DSG.

The Rector decides on appeals against the restriction, denial, or revocation of the user authorization after consulting with the Director of ICT. An appeal against the Rector’s decision may be filed with the University Council.
 

§ 9. Rights and Obligations of Users

Users and ICT staff are required to comply with the provisions of these Operating and User Regulations and with the supplementary guidelines and user regulations published in accordance with § 17.

Duties related to security and data protection take precedence over other tasks.

Users are entitled to make use of all ICT computer equipment and other resources necessary for resolving their issues, subject to the availability and allocation of resources and taking into account economic efficiency, economy, and expediency.

The user bears full responsibility for the use of the user authorization. Transfer to other persons is not permitted. Passwords must always be kept confidential and changed frequently. In the event of damage, liability for damages applies in accordance with the relevant legal provisions.

If copies of programs and data made available to users by the ICT are made unlawfully, the user is liable to the licensor or owner. The provisions of copyright law and those of the licensors must be observed in all cases.

Users must leave the ICT facilities in such a condition that they can subsequently be used properly by others.

The user agrees to assist the ICT and organizations collaborating with the ICT in investigating unauthorized use or damage to the ICT’s IT facilities. When connecting IT facilities to the central communications infrastructure, the user must comply with the ICT’s technical specifications and requirements.

Opening network access to users other than those specified in §7 (“third parties”) is not permitted. Use of the network by third parties generally occurs when they access national and international networks and network services via the IT equipment provided by the ICT, or when information services for third parties are operated on the University’s IT equipment.

If the ICT encounters criminal content in data sets or is made aware of such content by a third party, it must delete these data sets or block access to them and inform the Rector of the facts.

It must block access to these data sets and inform the Rector of the facts. The ICT must regularly inform the users.

Deviations from normal operations (such as shutdowns or system changes) must be communicated to users as early as possible.
 

§ 10. Transfer of Administrative Responsibility for IT Equipment

The ICT may temporarily transfer the administrative responsibility for a user’s IT equipment to that user in accordance with statutory provisions. The ICT may assume the management of users’ IT equipment at their request, in accordance with statutory provisions. A prerequisite for such a transfer of management is the assurance that the ICT’s duties will be fulfilled. The assumption of management must be in writing and must include the exact equipment description, the installation location, the scope of support, and the duration of the assumption.
 

§ 11. Access, Opening Hours, and Operating Hours

ICT users have access to the ICT’s public user areas, but not to the designated security zones. Only ICT staff and maintenance personnel authorized by the ICT are permitted access to these areas. Other individuals, including cleaning staff, may only enter when accompanied by ICT staff. IT equipment in security zones may only be operated by personnel authorized by the ICT.

The removal of IT equipment from the ICT’s service rooms and from public areas of the Montanuniversität Leoben (e.g., lecture halls, hallways, etc.) as well as any technical modifications to the provided IT equipment may only be performed by ICT staff or by persons authorized by the ICT for this purpose.

The ICT’s opening and operating hours must be adequately publicized. New customer service hours (e.g., for working professionals and evening hours) must be taken into account.
 

§ 12. Allocation of Resources, Computing Time, and Access Permissions

The ICT strives to make available the IT resources necessary to meet all user requirements through long-term planning and capacity procurement, based on forecasts and capacity requests. Access to IT facilities is permitted only with a corresponding user authorization issued by the ICT. The allocated user rights are exercised by individuals (individual users) who receive a project-specific user authorization (username, account number) for this purpose.

The ICT allocates IT resources by setting maximum limits based on existing bottlenecks in IT facilities (such as CPU utilization, mass storage, and bandwidth for network connections). The allocation method and the validity period for the project-specific user authorization are communicated to the users. Special arrangements regarding resource allocation may be made for large-scale projects. If available capacity is insufficient or if resource bottlenecks occur due to disruptions, the ICT must give priority to supporting work that is subject to legally mandated deadlines. To this end, users must indicate the level of urgency at the time of registration. If there are multiple time-sensitive competing tasks, the ICT must coordinate with the affected users.
 

§ 13. Billing for Services

IT facilities (including equipment) are provided by the ICT in accordance with the budgetary funds approved by the Rector.

For the users specified in §7(2), there is generally no obligation to pay for the use of ICT facilities and services. However, the ICT may charge a fee to cover costs for certain equipment and consumables, software licenses, and the provision of special services. These fees are determined by the Rector upon the recommendation of the Director of the ICT.

For users pursuant to § 7 (3), cost reimbursements shall generally be calculated on a cost-covering basis. The determination of cost reimbursements is the responsibility of the Rector upon the recommendation of the Director of the ICT.

When university units utilize ICT facilities and services in connection with the performance of tasks within the scope of their partial legal capacity, cost reimbursements shall be paid in accordance with § 3(5) and § 4(3) of the University Act of 1993 (UOG1993), which are determined by the Rector upon the recommendation of the Director of the ICT.

When users utilize ICT facilities and services in accordance with § 7(4) and (5), reimbursement of costs shall be paid, which shall be determined by the Rector upon the recommendation of the Director of the ICT.
 

§ 14. Communication with Users

Deviations from normal operations (such as shutdowns or system changes) shall in all cases be communicated to users in an appropriate manner. Furthermore, the ICT shall provide information on ongoing operations and new developments through periodic and/or ad hoc communications.

Information regarding data backups performed by the ICT in accordance with BBO § 15 and the duration of storage of these backup copies shall be provided to users in an appropriate manner.

The ICT shall hold user meetings as needed. All users with a valid user authorization shall be invited to these events in an appropriate manner. Users must be informed at a minimum about the activities and future developments of the central IT facilities. Users must be given the opportunity to address inquiries and suggestions regarding the work of the IT facilities to the ICT management.

For the further training of users, the ICT holds courses on the use of IT facilities and AV media.

Users shall be advised on the effective use of the facilities and equipment to the extent possible. Users shall direct their suggestions, requests, and complaints to the Director of the ICT.

Users are obligated to provide the ICT, if necessary, with a brief written report on the results and necessity of the IT services they have utilized.
 

§ 15. Data Backup

Responsibility for data backup—in particular the backup of users’ programs and data—against loss or destruction during the processing or storage of data lies with the respective user of the IT facilities themselves.

For projects requiring enhanced data security, the client may agree upon special data backup arrangements with the ICT. This applies in particular to the backup and archiving of central databases and data sets of the central administration and other service facilities.
 

§ 16. Supplementary Data Security Regulations

For the automated processing of personal data, clients, service providers, and users must ensure compliance with data protection requirements within the scope of their project responsibilities and adhere to the provisions of the Data Protection Regulation of the Montanuniversität Leoben.

Central database servers on which personal data is processed must be located within the ICT security zone and protected against unauthorized access. This includes, in particular, the installation of a “firewall” to prevent access via the University’s communication systems.

Every type of data backup involving personal data must be documented in writing; data storage media must generally be kept within the ICT security zone.

For the purpose of data backup against disasters or archiving, data storage media may also be stored outside the security zones in areas that are both physically and technically secured.

In principle, information and data, to the extent that they are necessary for hardware or software maintenance, are evaluated only within the ICT’s area of responsibility. If it is absolutely necessary to transfer data to a maintenance company, a confidentiality agreement must be entered into with that company. Users agree that data may be disclosed under the conditions listed above.

Access to the ICT’s security zones is restricted to ICT staff and maintenance personnel authorized by the ICT, for whom a corresponding log must be maintained.
 

§ 17. Supplementary Guidelines and Terms of Use

Relevant terms of use for specific ICT facilities (e.g., data network infrastructure, computer training rooms, telephone system, AV equipment, loaned devices, ...) as well as specific guidelines for ICT services and data security measures shall be published by the Rector in the Montanuniversität Leoben newsletter upon the recommendation of the Director of the ICT.
 

§ 18. Violations

Users who use allocated resources for purposes other than those described in the user registration, or who cause the resources to be used for purposes unrelated to their project, or who violate the operating and usage regulations or the supplementary guidelines and usage regulations issued pursuant to § 17, may have their user authorization temporarily revoked by the Director of the ICT, without prejudice to any administrative or criminal consequences. This may also occur if a user utilizes IT resources in a manner that disrupts overall operations or fails to use resources in accordance with the principles of efficiency, economy, and appropriateness.

The Rector shall decide on appeals against the restriction, denial, or revocation of the user authorization after consulting the Director of the ICT. An appeal against a decision of the Rector may be lodged with the University Council.
 

§ 19. Entry into Force

These Operating and Usage Regulations were adopted by the University Council on October 27, 1999, approved by the Federal Ministry of Science and Transport by decree GZ 24.603/3-I/A/4/99, and published in the Montanuniversität Bulletin on January 12, 2000, in Issue 15.

They enter into force on the date of this publication.