Information Security

Security Policies and Standards

The University's principal Information Security Policy and data protection policies can be found here.

The Information Security Classification and Handling Standard contains the controls that general users are required to implement. This contains the requirements previously included within the following Technical Security Standards:

  • Information Transfer
  • Mobile and Off-campus Working
  • Physical Access Control
  • Workspace

The Technical Security Standards used by CIS and recommended for implementation by others that provide, manage and support IT within the University are outlined below. It is your responsibility to ensure that you understand and comply with all the policies that are relevant to you.

Further guidance and procedures are included within the Information Governance Information Security webpages, which have replaced much of the earlier content that was presented here in the 'Information Security Matters' webpages.

IT Regulations and Policies:

  • Student IT Regulations: Sets out acceptable use of University IT facilities, and your responsibilities when accessing and using them.
    Applies to: All Students.
  • Staff IT Regulations: Sets out acceptable use of University IT facilities, and your responsibilities when accessing and using them.
    Applies to: All Staff, and any other individuals who access University IT Facilities (e.g. visitors or contractors).
  • Monitoring and Interception: Sets out the University’s approach to monitoring and interception and the circumstances and procedures under which the University may monitor activity, or grant access to information in an individual’s IT account.
    Applies to: All staff, all students, and any other individuals who use University IT facilities.

Technical Security Standards for IT systems and equipment:

  • Anti-Malware Standard: Requirements for anti-malware software for any equipment used to connect to University networks, or to access, process or store University information.
    Applies to: All staff, all students, and any other individuals who use University IT facilities.
  • Backup Standard: Sets out the requirements for backup of electronic University information, software and systems.
    Applies to: All staff and any other individuals (including students) who handle University Information.
  • Encryption Standard: Requirements for encryption when using mobile devices (e.g. laptops, smartphones) or removable media (e.g. USB drives), or when transferring restricted information between systems (e.g. via email).
    Applies to: All staff, and any other individuals (including students) handling restricted access University information.
  • Hardware Asset Management: Sets out the requirements governing purchase and management of University hardware, and what your responsibilities are if you are issued with a University device.
    Applies to: All staff and any other individuals issued with or responsible for University hardware.
  • Management of Technical Vulnerabilities: Sets out the requirements for managing the risks posed by technical vulnerabilities in hardware or software.
    Applies to: Anyone managing or maintaining any University hardware or any software connected to the University network and / or used to store University information.
  • Network Security: Sets out a) acceptable use of the network, and b) minimum standards and controls that need to be implemented for network security.
    Applies to: Acceptable use of the network (section 4) applies to everyone who accesses the University network. Management and control of the network (section 5) applies to those implementing, managing or supporting the network or services delivered across it.
  • Password Standard: What you need to do to keep your password secure.
    Applies to: All staff, all students and any other individuals with access to University IT facilities.
  • Software Asset Management: Sets out the requirements governing purchase and management of University software.
    Applies to: Anyone responsible for managing software assets, managing or supporting hardware on which University software is installed, or involved in purchasing software on behalf of the University.
  • Software Installation and Use: What you need to comply with if you are using software provided by the University, or installing software on University equipment.
    Applies to: All staff, students, and any other individuals who use software installed on University equipment, or provided by the University.
  • Staff IT Accounts: Sets out who gets a Staff IT Account, and when this access should be changed or removed. This includes when IT access is given to unpaid workers within the University.
    Applies to: All staff, unpaid workers.
  • Student IT Accounts: Sets out who gets a Student IT Account, and when access should be changed or removed.
    Applies to: All students.
  • System Access Control: Sets out the access control requirements for managing access to University systems.
    Applies to: Information Owners and staff responsible for administering University systems.
  • System Acquisition, Development and Maintenance: Sets out the University's approach to acquisition, development and maintenance of systems.
    Applies to: Anyone acquiring, developing or maintaining systems processing University information or connected to University networks.
  • Use of Non-University-Owned Devices: Sets out the requirements you need to meet if you are using your own private device (or any other device not owned by the University) to connect to the University network, whether on-site or remotely, or to work with University Information.
    Applies to: All staff, all students and any other individuals with access to University IT facilities.

Procedures:

  • Re-use, Recycling and Disposal of Equipment: Sets out the University's procedures for secure re-use, recycling or disposal of equipment.
    Applies to: All staff, and any other individuals issued with or responsible for University equipment.