Information Security Regulation for End Users

I.    General Rules

  • Set up a strong, unpredictable password for the login account.
  • Do not disclose or share the login account under any circumstance.
  • When receiving strange emails of unknown origin, it is not allowed to open links, and attachments and notify the IT department immediately for support.
  • Do not access websites with prohibited, anti-government, or illegal content.
  • It is forbidden to use the Internet to distribute malicious programs (such as viruses) or to distribute false information that infringes upon the rights and interests of organizations and individuals.
  • Do not install/ connect unauthorized IT devices (Wi-Fi router, switch, IoT device …) in the local network.
  • Using hacking tools to attack, monitor and change information flow in the local network is forbidden.
  • Do not use non-copyrighted software.

II.  Additional Rules for Employees

1. Rules for the use of computers and IT equipment

  • Lock the computer screen before leaving the desk.
  • Only use/ install approved programs and software on provided IT equipment.
  • Protect the provided IT equipment, and avoid damage, loss, theft, unauthorized access, or use of the device.
  • The use of external data storage devices needs to apply the data encryption method managed by IT department and is only allowed for academic and research purposes. Other exception requires approval by the authority.
  • Do not use personally owned computers for the regular work of the university (except for Adjunct faculties and Affiliate faculties).

2. Rules for accessing and using the IT systems

  • Only access to allowed applications/ resources.
  • For employees authorized to use OneDrive, data sharing must require authentication.
  • Do not create a Group in MS Teams with a user account that does not belong to VinUni/Vingroup.
  • It is forbidden to share the data of VinUni/Vingroup externally via free tools on the Internet (Google Drive, Dropbox, Box, Viber, Skype …), except only for academic purposes.

3. Rules for using email service

  • Only use the email account for work-related purposes.
  • Do not manually configure automatic sending/ forwarding of internal VinUni emails to the outside of VinUni/Vingroup (Yahoo mail, Google mail, etc…).
  • Do not use your personal email account regularly for work-related purposes.

Status and Details

The purpose of this document is to establish minimum standards and guidelines to protect against accidental or intentional damage or loss of data, interruption of university operation, or the compromise of sensitive information.

Reference Number:

VU_CNTT05.EN

Document Type:

Policy

Issuing By:

VinUniversity

Issuing Date:

Nov 20, 2020

Applying for:

All employees of VinUni/VinAcademy including adjunct faculties and affiliate faculties; Students of VinUni and Partners who use the IT systems of the university

Security Classification:

Public

Record of Changes

Revision Date Author / Editor Description
V1.0 Nov 20, 2020 Developed by: IT Department
Approved by: University Council President
First issued
V2.0 Apr 08, 2021 Developed by: IT Department
Approved by: University Council President
Update information