Dean’s Measure no. 49/2018

Rules for Managing the User Rights and Access to the FSV UK Information Systems

Charles University, Faculty of Social Sciences

 

In effect from: 1. 11. 2018

 

In Prague on October 23, 2018

PhDr. Alice Němcová Tejkalová, Ph.D.

Dean of the Faculty

 

Article 1

Definition of Basic Terms

  1. "User" of the information system at FSV UK is anyone who uses a computer equipment service of an information system provided and directly operated by FSV UK.
  2. "User account" means the user identifier and the verification (authentication) mechanism of the person for access to the information system service.
  3. "External worker" is a person without labor or study relations with FSV UK.
  4. "Service" of the FSV UK information system means access to one of the functionalities belonging to a particular information system.
  5. "Central Authentication Service" (hereinafter referred to as the "CAS service") is the central service of the computer network of Charles University operated by Ústav výpočetní techniky/the Institute of IT equipment (hereinafter referred to as the "ÚVT") in order to verify the identity of the users using the login name and password for access to other services.
  6. "WhoIS" is a web application managed by ÚVT to maintain an updated database of contacts of all the users with relations to Charles University in the current state. The application also includes an organizational structure.

 

Article 2

Types of User Accounts at FSV UK

1. User accounts are divided into three types:

  • an account for employees with labor relations (the so-called "employees" role),
  • an account for employees with DPP and DPČ (i.e. Agreement to complete a job and Agreement to perform work) and external workers of FSV UK (a “member” role),
  • an account for students in any form of program including the PhD students, except for the students under ERASMUS exchange program (a “student” role).

 

Article 3

Establishment of User Account

  1. The life cycle of the user account at FSV UK is managed primarily by the CAS service.
  2. Any holder of a student or employee ID with labor relations, DPP, or DPČ can become the user of the CAS service.
  3. The FSV UK external worker may become the user of the CAS service after s/he has been issued the card or upon the individual and well-founded request of the head employee, for a fixed term only.
  4. The cards are issued at the service centers of Charles University. The issuing of the cards is governed by the Rector's Measure for the implementation and use of the cards at Charles University.
  5. The condition for the establishment of a given type of user account includes the creation of labor relations with FSV UK or a study enrollment at FSV UK or another contractual relationship between an external worker and FSV UK.
  6. The user accounts of employees and external workers are managed in the "WhoIS" personnel system, user accounts of students, including the international ones, are managed in the "SIS" system.
  7. The user account is activated only after synchronization with the CAS service, usually within 24 hours upon the person's registration in CAS.

 

Article 4

Termination of User Accounts for Employees and External Workers

  1. A user account for employees terminates on the termination of labor relations with FSV UK after expiration of the deadline for possible data renewal according to article 7, para 7.
  2. The termination of labor relations with FSV UK is managed in the "WhoIS" personnel system.
  3. The user account of an external worker expires on the day of termination of his/her contractual relations with FSV UK.
  4. After recording the termination of labor relations or contractual relations in the "WhoIS" system, the user account is erased by a machine, including the e-mail account and all the documents contained in the mailbox, usually within 24 hours following the term recorded as the date of termination of the labor relations or the termination of contractual relations in the WhoIS system.

Article 5

Exceptional Suspension or Cancellation of a User Account

1. If a user abuses the user account for an activity that:

  • breaches the laws of the Czech Republic, or
  • grossly violates good morals, or
  • intentionally damages the good reputation of FSV UK,

then the faculty reserves the right to suspend or cancel a user account with immediate effect, without any access rights to account-related data.

2. The same step might be taken by the faculty if a particular user account became an immediate security risk (for example, by being used as an automated tool for spreading illegal web content).

3. The Dean of the faculty decides on the exceptional suspension or cancellation of the user account upon the proposal of the head of the IT department and following the opinion of the Vice-Dean for the development.

 

Article 6

Changes to a User Account

  1. During the use of the user account, there may be changes in the user’s relations to FSV UK and the roles may change, i.e.:
  • Changing the relations from a student to an employee with labor relations (the role of a “student” changes into the “staff”)
  • Changing the relations from a student to an employee with DPP, DPČ, external worker (the role of a “student” changes into the “member”)
  • Changing the relations from an employee with labor relations to a student (the role of the “staff” changes into the “student”)
  • Changing the relations from an employee with DPČ, DPP, external worker to a student (the role of the “member” changes into the “student”)
  • Changing the relations from an employee with the main labor relations to an employee with DPP/DPČ/external worker (the role of the “staff” changes into the “member”)
  2. If a change in the relations is not made immediately, but arises through a temporary loss of relations to FSV UK, then the procedure according to para 7, article 7 applies.
  3. When changing the user’s relations from a student to a graduate, the following procedure applies:
  • Upon completion of the studies, a notification message is sent to the existing e-mail account with a request to confirm an interest in the account renewal and information on the processing of personal data (i.e. e-mail account with the name and surname) after the student's relations with FSV UK have terminated.
  • If a graduate confirms his/her interest in the account renewal and information on the processing of personal data after completing his/her studies, the user account of the student (e-mail account) will be retained for further use for the duration of 1825 calendar days (5 years) from the confirmation of the request for the renewal of the account.
  • If the graduate does not confirm the request within 30 calendar days of receipt of the notification report, the procedure in accordance with para 7, article 7 applies after the expiration of the period of 30 calendar days.
  4. When changing the user’s relations from an employee to a student, specific roles and rights are withdrawn from the employee on the basis of the employee's clearance card. The user account of a student will be retained until the end of his/her studies. At the end of studies, the procedure followed is analogous to para 3 stated above.

Article 7

Continuity of Access to Information Resources

  1. In order to ensure the necessary continuity of the information resources, the so-called "general" user accounts are established, without stating the name or surname, for example in the form of dekanka@fsv.cuni.cz.
  2. For the duration of the labor relations with FSV UK, the employee passes (forwards) electronic documents such as e-mail attachments, links to the documents, links to the shared storage space with documents not only to the name-based user account but at the same time also to the designated general not name-based user account, at the request of a senior employee who is the owner of the general not name-based user account.
  3. If the document is in the faculty’s cloud storage (such as GDrive, OneDrive), the employee passes the document by setting the “owner's” rights to the general account.
  4. A senior employee is entitled to require from his/her subordinate employees at the workplace assigned to him/her to pass (forward) the emails - containing the employee’s job-related messages and documents connected with the execution of the outgoing employee's agenda, including attachments - not only to his/her name-based user account but also to his/her not name-based user account.
  5. The right to access the not name-based general accounts is governed by the organizational code of FSV UK – i.e. access to the general user account is mainly provided for the direct senior employee of the organizational unit or his/her designated deputy.
  6. The not name-based general user accounts are intended only for the fulfillment of the work tasks related to the performance of the work.
  7. In order to maintain the continuity of the user’s rights and data and only in case of a temporary loss of the user’s relations with FSV UK (i.e. no more than 90 calendar days from the date of the loss of relations between a user and FSV UK), the user account will be temporarily suspended for the duration of 90 calendar days. Account suspension allows for data recovery. If there is a change in the type of the user account in accordance with article 6 para 1 while the account is being suspended (i.e. 90 calendar days), then the user account will be renewed. The account renewal is only possible based on a written request from the user delivered to the IT department. An authorized employee of the IT department then verifies via the personnel office the status of the user's relations with FSV UK and, based on the result of this verification through the personnel office (i.e. only if there are valid relations between the user and FSV UK), s/he can renew the suspended account.

 

Article 8

Temporary and Final Provisions

  1. The Secretary of the faculty may, in cooperation with the head of the IT department, and also on the basis of the methodological instructions of the Data Protection Officer of Charles University (DPO), issue the rules for the implementation of this measure, in particular involving the issue of the establishment of the not name-based general user accounts and their forms.
  2. The head of the IT department is required to ensure, within 90 days of the effective date of this measure, a disposal of all the existing name-based user accounts of former employees and external workers, whose relations with FSV UK have been terminated on the effective date of this measure at the latest.
  3. An integral part of this measure is the binding guidelines of the Data Protection Officer of Charles University, available at https://www.cuni.cz/UK-9057.html as amended, including any other written instructions from the DPO.
  4. This measure annuls the Dean's Measure no. 6/2017 of 1 February, 2017.

PhDr. Alice Němcová Tejkalová, Ph.D.

Dean of the Faculty

In charge of accuracy:

Mgr. Tomáš Gec – Secretary of FSV UK

Mgr. Vít Kettner – Head of IT Department