Accessibility statement

Information Policy and you

Need help?

We don't expect you to know the details of every policy and how they're applied in all situations.

If you're unsure, ask for help.

This website aims to help you understand Information Policy and how it relates to your work. It also helps to ensure that we don't break the law.

We are all responsible for handling information correctly.

We also need to be aware of the requirements of people or organisations who share our information, eg research funders and the NHS.


Five steps to understanding Information Policy and how it applies to you

1. Understand why we need Information Policy

2. Understand what Information Policy covers

3. Understand the University regulations for use of computing facilities and information

4. Understand how information should be handled

5. Understand which policies apply to you

1. Understand why we need Information Policy

Confidentiality Only people with a valid and authorised reason to access confidential information should be able to do so.
Data integrity Unauthorised individuals or processes must not be able to alter or delete information.
Availability Information is actively maintained and can be accessed when it is required.
Responsible use Information must be used appropriately.

2. Understand what Information Policy covers

All information

Information in any format that the University owns or is handling for another organisation.

It includes emails, administrative information, student and staff records, financial information, teaching and learning materials, research data, strategic planning information, contracts, meeting papers and minutes.

All information systems
(manual or electronic)
  • Owned by the University.
  • Being used for University business.
  • Connected to networks managed by the University.
All devices

Any device that is used to access, manipulate or store University information (eg desktop machines, laptops, tablets, phones).

It includes devices that are:

  • managed by University IT Services
  • owned by the University
  • owned by you, family and friends
  • owned and provided by third parties
All individuals

Staff, students, associates and anyone else who may access, use or manage University information (eg visitors, contractors, partners, third parties).

3. Understand the University regulations for use of computing facilities and information

Regulation 11: Use of computing facilities

Regulation 11 applies to everyone - all staff, students, associates, and anyone else who uses University IT facilities and information.

It sets out the main rules for using University information and IT facilities and the consequences of not doing so.

Everyone who has a University username and password agrees to abide by the Regulation when their account is created.

Think of the Regulation as being the 'top document' in the hierarchy from which all other Information Policy follows.

Remember that the Regulation applies to electronic information as well as computing facilities.

You should also be aware of other legal and licence requirements:

4. Understand how information should be handled

Information classification and handling scheme

This is the foundation for all information policies.

The scheme provides colour coded guidance on classifying information (eg confidential, public), and how to manage the different levels of security required.

It covers all information held by the University, in any format (physical and electronic).

5. Understand which policies apply to you

The summaries are organised by theme to help you identify which policies you need to understand.

Some policies apply to some of you more than others, depending on your role and the type of information that you handle.

Information security

  • Information Security Policy
  • IT security
  • Information audit
  • Business continuity management

Records management

  • Records management policy
  • Retention and disposal
  • Draft retention schedules
  • Research data management
  • Policy on the Publication of Research
  • University archive

Information rights

  • Data protection
  • Freedom of information
  • Copyright
  • Intellectual property
  • Access to personal records

Ethics and integrity

  • Code of practice on research integrity
  • Code of practice for good ethical governance
  • Professional codes of conduct

We've also provided guidance organised by status at the University, eg researcher, undergraduate, academic: