We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Durham University

Information Governance

Information Security

Information Security is one of the pillars to managing University information securely and appropriately. The University has obligations to ensure that appropriate technical and organisational controls are in place and that staff are trained and aware of their responsibilities. We do this in a coordinated way so that we bring together controls and training for:

  • Data protection
  • Information security
  • Records and information management
  • Freedom of Information

The Information Governance webpages are structured around these themes to provide relevant direction and advice.

It is important that you understand the sensitivity ('classification') of the information you are dealing with and its potential impact if unduly disclosed, so that you may then apply appropriate controls for storing, sharing and using that information.

Key documentation

The following highlights some of the key resources you need to be aware of with regards to information security, though there are additional resources and guidance across the Information Governance webpages that will help you to manage the University's information more effectively and securely.

  • Information Security: Sets out the University's overarching objectives and approach to protecting information. Defines key roles and responsibilities for information security. Applies to: All staff and any other individuals (including students) who handle University information.
  • Information Security Classification and Handling Standard: Sets out the classification of University information, how and when to label information so that users are aware of how that information should be handled, and the controls to be employed to handle that information securely. Applies to: All staff and any other individuals (including students) handling University information.
  • Internal procedures and guidance to support the implementation of security policies and standards.
  • Technical controls administered by CIS or used as standards by departmental IT administrators, developers and support are described within the Technical Security Standards page. These are under review as technology, threats and vulnerabilities change.