Norwegian version of this page

My responsibility as a researcher

Information security for researchers.

Terms you should know

IT systems and other equipment

You must

  • know what IT systems are being used in your research
  • know who operates these systems
  • always keep the system updated
  • make sure that the system is registered at USIT or via the registration application (Norwegian). Most IT systems used in research process personal data and should be registered.
  • be extra aware when technical equipment is accompanied by computer equipment or their own web solutions
  • know what administrative and technical requirements USIT demands of IT systems, computers and users. Read more about this in LSIS (Norwegian).
  • include local IT and USIT when phasing in and out new and old IT systems
  • involve local IT and USIT in the operating of the IT systems
  • be sure that the IT systems are integrated in the correct way with the rest of UiO's IT systems
  • report IT systems with special needs for expentions to USIT
  • take care that old systems are phased out or given special attention, eg. incorporated into the labnet service
  • have regularly scheduled run throughs of the systems to discover what changes have been made in other related systems that may give new opportunities or challenges


You must

  • familiarize yourself with the part of LSIS that is about classification of information
  • know where you can store different types of research
  • make sure that your team has approved shared disks (Norwegian) for sharing data. local IT can help you with this.
  • make sure that local IT is familiar with your research, including what data is being processed and who you are cooperating with
  • make sure that data exchanged with other environments is exchanged safely and correctly
  • make sure that data with protection needs (yellow, red or black data) does not end up without encryption on loose hard disks or USB units
  • make sure that you and your team does not store black data outside of the services made for this kind of data. This means largely TSD.
  • be extra attentive when data is transferred to laptops

Access control

You must

  • ensure that access to the systems in question is assigned and revoked with the help of good, written routines which are regularly revised
  • ensure that local IT is involved in access control and is familiar with what mechanisms used. This includes for example Cerebrum groups.
  • ensure that regular users does not operate the systems
  • ensure that people from other environments, who are using the systems, has access the right way, for example via WebLogin, UHAD or Feide.
  • ensure that the systems do not have local or impersonal users unless there is a special reason for it.
Published Nov. 30, 2018 10:34 AM - Last modified May 3, 2019 12:08 PM