IT Security Policies
Good practice in IT Security is an essential element of the provision of IT applications and infrastructure that underpins and supports the teaching, learning, research and administrative activities of the University.
Our IT Security Policies build on UCISA best practice drawing heavily on the British Standard 7799 and the International Standard ISO 27001. Most statements of policy are supported by guidelines or procedures.
These policies constitute the supporting policies referred to in general regulation XV and as such form part of the regulations of the University.
Policies of General Interest
Information Security - Defines the University's overall commitment to and requirements for Information Security.
Computer Usage - Sets out the responsibilities and required behaviour of the users of IT applications and infrastructure including acceptable use and good practice.
Information Handling - Classification of information and guidelines on appropriate levels of encryption of sensitive data.
Policies of Interest to IT Application Owners and IT Staff
User Management - Defines how user accounts and privileges are created, managed and deleted.
Operations - Sets out how IT applications are used to manage and protect information security.
IT Continuity Management and Planning - Sets out the processes for assessing and addressing risks to continuity of IT applications and defines responsibilities for preparing and implementing continuity plans.
Outsourcing and third party access - Sets out the conditions required to maintain the security of the University's information, applications and infrastructure.