• Castellano
  • Valencià
  • Directory

University of Valencia logo Logo General Foundation Logo del portal

1. Record of Incidents

 

The users of the FGUV information system who becomes aware of an incident is responsible for communicating the incident to the FGUV security officer (Contact telephone number: 96 353 10 64).

An incidence is any event that, at the discretion of the user, could put the information at risk. The blocking of the account, the loss of information and the loss of the password will be considered as incident.

Without prejudice to your subsequent register, security incidents will be immediately notified to the person responsible for security through the e-mail address protdades@fguv.es

The knowledge and no notification of an incident by the user of an information system is considered like a foul against security of the files on the part of the user.

2. Access passwords

 

The user of the information system must keep to their codes of the system secret, and must inform the Security Manager when the system has been damaged.

Access passwords of the system are personal end non-tranferable, and the user is the only responsible of the consequences must that may result for misuse, disclosure or loss.

3. Control of posts

 

The workstations will be under the responsibility of the authorized user who will ensure that information they display cannot be seen by unauthorized persons.

The user must close or block the session at the end of the working day.

Screens, printers or other devices connected to the workstation must be physically located in places that guarantee confidentiality.

4. Clean tables and printers policy

 

When living the workplaces (breaks, lunch break or end of working day), the user will leave completely free of documentation, using for this purpose drawers, file cabinets, cabinets, etc.

The user must ensure that there are not documents printer tray containing proprietary data. If the printers are shared with other unauthorized users to access the data in the file, those responsible for each workstation must remove the documents as they are printed.

5. Custody of keys and locking of doors and cabinets

 

The user of the information systems of the FGUV must keep correctly guarded the access keys to the offices, bucks, lockers, as well as any other element that contains unauthorized files with personal data, which must be closed when the user is temporally absent from this location, in order to avoid unauthorized access.

 6. Public service

 

The user information systems that attend directly to the public, may not have any information of another client/ user.

7. Storage of information

 

The user of information systems of FGUV must store all files containing personal data information in the folder server indicated by the system administrators, in order to facilitate backup files and protect access to unauthorized persons.

With regard to non-automated files, storage will be carried out in places that allow them to be closed with a key or mechanisms that prevent them to being opened, specially at the end of working days.

8. Creation of flies and temporally files

 

The user of information systems of FGUV is not authorized to create new files apart from the existent ones.  When, in development of its functions, need the creation of a new files that contains data of a new file containing personal data, it must first inform the person in charge of security in order to authorise the creation and establish the rules applicable of its implementation.

Temporary files must be deleted once they are no longer necessary for the purposes for which they were created and, while they are in force, they must be stored in the folder set up for this purpose by the system administrators.

If, after one month, the user detects the need to continue using the information stored in the file, he or she must inform the person in charge of security.   

If such temporary copies need to be made, the Data Security Officer must be informed in advance in order to authorise the creation and establish the rules applicable to its implementation.                 

Temporary files must be deleted once they are no longer necessary for the purposes for which they were created and, while they are in force, they must be stored in the folder set up for this purpose by the system administrators.  If, after one month, the user detects the need to continue using the information stored in the file, he or she must inform the Security Officer.

 9. Destruction and reuse of media

 

The user of the information systems of the FGUV must destroy the files containing personal data, as long as it is not necessary to keep them, once the task for which they were created has been completed.

The user will use the shredder to destroy lists and other inaccurate or obsolete documentation.

The user may not reuse paper containing personal data (AEAT models, lists, etc.).

10. Output of supports and transfer of documentation

 

The user of the information systems of the FGUV may not copy or extract from the offices, the information contained in the information system in which personal data are stored to any medium (laptop, USB or external disks, or lists on paper), without the express authorization of the Head of Security, who must note it in the security document. 

The transfer of any list or analogous document with personal data outside the premises of the FGUV is prohibited. In those exceptional cases in which the transfer of documentation is necessary, measures shall be taken to prevent the theft, loss or improper access to the information during transport.

11. Access to systems

 

When the access to the systems is done through communication networks, it will be done through the vpn.uv.es server and FGUV servers.