Information for staff
Information security
Good information security practices will help you keep your personal information and the University's information secure.
Get in touch
If you think your device has been attacked or other activity of concern is taking place, contact the Computer Emergency Response Team.
If you're unsure about anything to do with Information Policy, just ask:
If you don't handle information appropriately you may:
- Cause damage or distress to individuals, including aiding identity theft
- Breach confidence of information provided by third parties
- Breach statutory restrictions on the use or disclosure of information
- Breach contractual agreements
- Breach a duty of confidentiality or care
- Cause financial loss or loss of earning potential to the University
- Disadvantage the University in commercial or policy negotiations
- Prejudice a criminal investigation or enable criminal activity
- Undermine the management of the University and its operations
Information Security Policy
The Information Security Policy explains the ways that the University ensures the secure handling of its information while providing appropriate access.
It is supported by more specific policies which provide detail on how we handle activities which have information security implications.
The University's approach is based on ISO27001:2013. This is the international standard which defines the information security management processes that should be in place in an organisation, and the detailed control guidelines (ISO27002:2013).
What do I need to do?
The Protecting Information (PDF
, 1,238kb) booklet is your quick guide to the key things you need to remember.
It includes:
- the Seven Golden Rules of information security
- a summary of the Information Classification and Handling Scheme
- legal information
If you read nothing else, read this!
The IT Services security website provides a wide range of practical information to help you keep your information and devices secure.
Protecting information in your role is continually developed to provide guidance related to your role and the activities you may undertake.
All information security policies and their associated guidance are listed on the University Information Policy index.
Information audit
Information audit helps to identify the information held by the University and assess how it is managed and shared.
The audit process provides recognition and understanding of how the University operates in relation to administrative, legislative and regulatory requirements.
It identifies strengths and weaknesses in the management of records and information. It highlights any actions required to make sure information is managed and used appropriately.
The University works with external and internal auditors who carry out regular reviews of our activities. Recent internal audit topics include IT business continuity and Information Strategy.
The audit reports provide a detailed description of the auditors' findings, including good practice, risks and associated actions.
The actions are regularly reviewed to ensure they are being completed.
Audit in the University is overseen by the University Audit Committee.
Business continuity management
Business continuity management (BCM) is important for any large organisation.
It is the process of assessing potential risks and developing strategies and procedures to deal with them. This means that the University's core activities and functions can recover as quickly as possible.
Serious incidents are rare, but they do happen. UK universities have experienced disruption due to fires, floods, IT failure and severe weather.
The University BCM plan:
The Business Continuity Working Group is currently developing the University’s response to disruptive incidents.
IT Services is working to create a more robust infrastructure. It is also developing a more formal approach to managing incidents which affect its services.