Internet Access and Usage Policy

This policy has been established in order to promote the legal, ethical, and secure use of the internet service provided at Hakkari University, to prevent inappropriate and unauthorized access, and to protect the legal obligations of the institution, network security, efficiency of network resources, capacity management, and the institutional image.

Within the scope of the Information Security Management System in accordance with TS EN ISO/IEC 27001, this policy covers all campuses and networks of Hakkari University, and applies to academic and administrative staff, students, guests, and external stakeholders of Hakkari University who access the internet through these networks.

3.1. Information Security: The protection of the confidentiality, integrity, and availability of information.

3.2. Information Security Management System: A management system based on a risk approach that is established, implemented, operated, monitored, reviewed, maintained, and improved in order to ensure information security.

3.3. Information: Data that is required for the continuity of the processes of Hakkari University, has value for this reason, and therefore must be appropriately protected.

3.4. Information Assets: All assets within Hakkari University that are significant for information security within the scope of TS EN ISO/IEC 27001 Information Security Management System.

3.5. University: Hakkari University.

3.6. Rector: The Rector of Hakkari University.

3.7. Quality Management Representative: The staff member of Hakkari University who ensures the creation, implementation, and continuity of the processes required by the Quality Management System; reports to the senior management regarding the performance of Hakkari University Quality Management System and opportunities for improvement; ensures that all employees are aware of customer requirements; plans and implements changes in Hakkari University Quality Management System; and guarantees the integrity of the quality management system.

3.8. Head of Department: The Head of the Information Technologies Department of Hakkari University.

3.9. User: The academic and administrative units of Hakkari University, academic and administrative staff, students, student clubs, and external stakeholders.

3.10. Virtual Private Network: A network technology that provides a secure and encrypted connection over the internet to protect data and enhance privacy.

3.11. Domain Name System: A system that translates domain names into Internet Protocol addresses and enables communication between devices and servers on the internet.

3.12. Internet: The global network that enables information sharing, communication, and interaction between computers and other digital devices.

3.13. Access: The act of connecting to internet content.

3.14. Electronic Mail: Messages that are sent and received electronically over the internet.

3.15. Proxy: An intermediary server that routes internet traffic through another server, hides the Internet Protocol address, and makes the connection anonymous.

3.16. Server: A computer or software system that provides data, services, or resources to clients and is generally accessed through a network.

3.17. Audit Trail: System records created during the process of recording the states or changes (digital activities) of an information asset over time.

3.18. National Academic Network and Information Center: The National Academic Network and Information Center affiliated with the Scientific and Technological Research Council of Türkiye.

3.19. National Academic Network: The National Academic Network that meets the requirements of educational and research institutions for electronic communication services and/or electronic communication infrastructure in accordance with the laws of the Republic of Türkiye and the regulations of the Scientific and Technological Research Council of Türkiye, within the framework of the assignment under Law No. 278 dated 17/07/1963 on the Establishment of the Scientific and Technological Research Council of Türkiye.

4.1. Information Security Management System Commission: Responsible for the preparation and updating of this policy.

4.2. Rector: Responsible for the approval and entry into force of this policy.

4.3. Quality Management Representative: Responsible for the control of this policy in accordance with the Document Control Procedure KYT-PRD-01, for assigning a document code to the policy, for monitoring if the policy is revised and assigning a revision number, for adding the policy to the current document list, and for the follow-up of the list.

4.4. Head of Department: Responsible for ensuring the control and applicability of this policy.

4.5. User: Individually responsible for all internet usage carried out within the framework of this policy.

5.1. The Internet Access Service of the University is the wired and wireless network access service provided to administrative and academic staff, students, guests, and external stakeholders. This service is provided by the National Academic Network operated by the Scientific and Technological Research Council of Türkiye, which establishes and operates research and education networks among universities and research institutions, and ensures the connection of these networks with national and international networks, within the framework of the relevant legislation and policies of the Republic of Türkiye.

5.2. The University has the right and responsibility to provide its internet to users in accordance with the provisions specified in the Usage Policy of the National Academic Network.

5.3. Internet access and user activities carried out through the University network are recorded electronically in accordance with the Law No. 5651 and related regulations, as a legal obligation, within the framework of the Audit Trail Records Procedure. These records are kept completely and with integrity verification (time stamped), including information such as user name, Internet Protocol address, connection time, disconnection time, and type of protocol used.

5.4. Log records are stored securely for a minimum of two years in order to be submitted to the relevant judicial and administrative authorities when necessary. During this process, the principles of protection of personal data and the Personal Data Protection Law No. 6698 are observed.

5.5. Only authorized personnel of the Information Technologies Department of Hakkari University can access log records; these records cannot be taken out of the institution or shared with third parties; they can only be submitted to authorized authorities for legal processes and auditing purposes.

5.6. Users are subject to an authentication method (such as Lightweight Directory Access Protocol, Active Directory, Captive Portal, or user name and password combinations) when using the internet service of the University. Access without authentication is not possible.

5.7. Users must use the University internet for the purposes of education, teaching, scientific and technological research and development, dissemination or access to scientific, technological, and cultural knowledge.

5.8. Users must not interfere with, alter the settings of, install devices or additional devices to, or create unauthorized access points (rogue access points) for the software or hardware (such as network switches, wireless access devices, network cables, network sockets) that provide the network service.

5.9. Internet access for academic and administrative staff, students, guests, and external stakeholders of the University is subject to the provisions set forth in the Network Security and Management Procedure.

5.10. Users are responsible for all websites and target systems accessed over the internet.

5.11. Users must be careful not to click on deceptive images and texts encountered while browsing the internet (such as congratulations, you have won a prize, click to receive your reward).

5.12. The University is not responsible for any adverse situations that may arise in the personal transactions of users on the internet (such as banking, shopping, electronic mail).

5.13. The Internet Access Service may not be used in any of the following ways:

5.13.1. It may not be used directly or indirectly for commercial purposes.

5.13.2. It may not be used for undesirable sites (pornography, gaming, gambling, violent content, etc.).

5.13.3. Users may not use the passwords, critical institutional information, user names, or institutional electronic mail addresses that they use for University activities for their personal activities such as social media accounts, e-commerce sites, forum sites.

5.13.4. Users may not attempt to block the internet usage of other users and/or access to resources on the network.

5.13.5. Users may not carry out attacks directed at objects on the network.

5.13.6. Users may not access any resource on the network without authorization and/or cause the monitoring, investigation, or recording of the traffic or information of others.

5.13.7. Users may not use the internet capacity (bandwidth) in a manner that negatively affects other users.

5.13.8. Users may not produce, host, or transmit materials that are contrary to general moral principles.

5.13.9. Users may not carry out political propaganda.

5.13.10. Users may not send random and unsolicited messages (spam messages).

5.13.11. Users may not connect to the internet by making changes with Virtual Private Networks, Proxy, or Domain Name System. These tools can only be used by users authorized by the Head of Department.

5.13.12. Users may not engage in activities contrary to the laws of the Republic of Türkiye and internal regulations of the University.

5.13.13. Users may not download or share contents that violate copyrights.

5.14.1. Users shall be warned in writing or through short message service.

5.14.2. The internet access of the user within the University shall be restricted or terminated for a limited or unlimited period of time.

5.14.3. The academic and administrative investigation mechanisms within the University shall be initiated.

5.14.4. In cases where this policy is insufficient, the matter shall be evaluated by the University authorities.

5.14.5. In relation to any information security violation that may arise from the internet access and usage of the University, the Information Security Incident Procedure, the Network Security and Management Procedure, the Risk Management Procedure, and the Threat Intelligence Procedure shall be applied, and if deemed necessary, the existing disciplinary processes shall be executed.

5.14.6. In accordance with Law No. 5651 and the related regulations, the institution is obliged to keep access records for the legally required period. In cases where misuse is detected in the access records of a user, the relevant log records may be submitted to judicial authorities.

6.1. Document Control Procedure KYT-PRD-01.

6.2. Usage Policy of the National Academic Network.

6.3. Audit Trail Records Procedure.

6.4. Network Security and Management Procedure.

6.5. Information Security Incident Procedure.

6.6. Risk Management Procedure.

6.7. Threat Intelligence Procedure.

6.8. Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publications.

6.9. Law No. 6698 Personal Data Protection