Part 3: User Responsibilities and Device Protection
3.1 Use of User Accounts and Passwords
3.1.1 Users must protect and maintain the confidentiality of their user accounts and passwords. Each individual must use their own personal account and must not share or disclose their password to others.
3.1.2 Users must change their password immediately if they suspect it may have been exposed or compromised.
3.2 Password Usage
3.2.1 Users must change their password periodically as specified by the University.
3.2.2 Passwords must not be based on identifiable personal information, such as first or last names, nicknames, parents' names, or department names, or on dictionary words. Passwords must contain at least 8 characters, combining letters (uppercase/lowercase), numbers, and special symbols.
3.2.3 Do not use automatic password-saving features in software applications.
3.2.4 Do not write down or store passwords in visible or easily accessible places.
3.2.5 Avoid using the same password across multiple systems with access privileges.
3.2.6 Keep your account credentials strictly confidential.
3.3 Device Protection When Unattended
3.3.1 Users must enable a screen saver or screen lock mechanism that requires a password after a period of inactivity.
3.3.2 Users must lock their device or computer when unattended.
3.3.3 System administrators must raise awareness among users regarding protective measures.
3.4 Equipment Placement and Protection
3.4.1 Devices must be placed in suitable areas to prevent loss or unauthorized use.
3.4.2 Sensitive equipment should be stored in secure locations.
3.4.3 Regular inspections of IT environments must be conducted, including monitoring temperature and humidity levels to protect equipment integrity.
3.5 Information Asset Control and Computer Usage
3.5.1 Documents, data, storage media, and computers must be stored securely.
3.5.2 Access to data or information assets must be restricted to owners or designated individuals with written authorization.
3.5.3 Measures must be taken to securely erase or overwrite sensitive data on storage devices before allowing others to use them.
3.5.4 Back up and delete stored data before sending a computer for repair to prevent unauthorized access.
3.5.5 Users may apply encryption for confidential information, following the Official Secrets Act B.E. 2544.
3.5.6 Establish guidelines for data/document retention and destruction in compliance with applicable laws and University regulations.
3.5.7 All software installed on University computers must be legally licensed. Users are prohibited from copying or using the software on personal devices or sharing it with others.
3.5.8 Important University data must not be stored on personal computers or devices.
3.5.9 Data stored on any media must be cleared before replacement or transfer.
3.5.10 Data must be securely deleted or formatted before equipment is destroyed, replaced, or disposed of.