Security Policy

This document describes, generically, the security practices and definitions applied to this platform (ead.ipleiria.pt) as an integral part of the Polytechnic of Leiria's IT systems.

General information

This system uses current known security best practices, mainly concerning information integrity, confidentiality, availability and authenticity, protecting our IT system from unauthorized information access, deletion, disruption or modification. This IT system is support by two distinct teams:

  • Polytechnic of Leiria's IT services: management and security of the technological infrastructure (equipments, networks, visualization, email and support services);
  • Distance Learning Unit: has the responsibility to insure the platform's operational security, mainly at the software level. This includes Moodle software and its support services (web service, database, operating system, etc.).

Information access

Access is only provided when considered necessary to the execution of associated user profile tasks. Exceptional situations will always require a special authorization order provided by Polytechnic of Leiria's board of directors or the Distance Learning Unit managing director.

Password confidentiality

All user accounts present in this system should be protected by a password (or any another similar method of authentication) that allows the attribution of responsibilities by any actions taken in this platform. Local accounts passwords stored in the system are encrypted. Passwords from IPLeiria.pt domain accounts are not stored in this system. Password and data exchange between the clients and the service should always be made using encrypted channels.

Users have the responsibility of guaranteeing the confidentiality of their account's password, insuring that password cannot be used by a third-parties to execute actions in their name. Users are the only responsible for the actions made with their accounts. If an user account gets compromised, said user should immediately request a password reset at Polytechnic of Leiria's IT services.

Backup policy

The system automatically creates backup copies of all curricular units which have not been hidden and have been updated since the last automatic backup, in a weekly cycle. These programmed securities copies will occur in low traffic periods, given the volume of data which has to be processed and the impact it may have in the system's performance. Due to questions related with curricular unit size and the available technological resources, only one backup of each curricular unit is saved. Users are responsible for the maintenance and management of their own backups. Previously backup copies are destroyed due to the maintenance costs. Security copies of all curricular units are maintained for a period of up to two academic years.

If technically viable, content support systems for previous academic years will be made available along side the current year system. These systems will only be available for querying information and no backups are made on this systems, thus they should not be used for learning activities.

Additional information

This system is based on Moodle, under the management of the Learning Distance Unit from the Polytechnic of Leiria. Any questions about this system and the way it operates can be directed at our user support system.

By using this system users agree that, besides what is imposed by the current legislation, the Polytechnic of Leiria and its colaborators will not offer any sort of additional security insurance, implicit or explicit. Users are liable to protect the confidentiality, integrity, availability, authenticity and the non-repudiation of the information they exchange with the system, as well as maintaining backup copies of said information.

Last Update: