IT Services

Security policies and procedures

Our security policies and procedures are there to protect you and the University. They describe the rules that you agree to when using University services. One of the policies that we’ve updated is our Acceptable Use Policy and the main changes are as follows.

1. You must not use third party webmail services to send or receive emails related to University work. You must not set up your University email account to automatically forward emails from your University email account to third party email addresses.

2. If you are considering commissioning IT systems, software or services you must comply with the Acquisition, Development and Maintenance, Standard Operating Procedure.

• Acquisition, Development and Maintenance, Standard Operating Procedure

3. If you handle confidential or sensitive data be aware of the new ‘restricted’ and ‘highly restricted’ categories. If you are unsure of whether you are handling your information correctly, you can refer to these guides:

• Information security classification examples
• The University's online Information Handling Tool

4. Be aware of when you could potentially undermine the security controls or procedures when using University IT services; for example by sharing passwords, storing unencrypted person identifying data, or failing to lock your computer when unattended.

5. Only use the channels for credit / debit card payments that are approved by the Directorate of Finance. You must not keep digital or paper records of financial information outside of the compliant systems.

6. Under the Counter-Terrorism and Security Act, the University has a duty to monitor and report on the use of relevant IT facilities to prevent people from being drawn in to terrorism.

7. All University policies, standard operating procedures and guidelines can be found on StaffNet. As an IT user at the University you must abide by these regulations and guidelines:

• IT policies and guidelines