Key principles

The objective of the University’s Information Security Policy is to ensure that all information and information systems (information assets) which are of value to the University are adequately protected against the adverse effects of failures in confidentiality, integrity, availability and compliance with legal requirements which would otherwise occur. Achieving this objective will largely depend on all members of the University complying with this policy.

The University has adopted the following eight principles to underpin its Information Security Policy:

  1. Information will be protected in line with all relevant University policies and legislation, notably those relating to data protection, human rights and freedom of information.
  2. Each information asset will have a nominated owner who will be assigned responsibility for defining the appropriate uses of the asset and ensuring that appropriate security measures are in place to protect the asset.
  3. Information will be made available solely to those who have a legitimate need for access.
  4. All information will be classified according to an appropriate level of security.
  5. The integrity of information will be maintained.
  6. It is the responsibility of all individuals who have been granted access to information to handle it appropriately in accordance with its classification.
  7. Information will be protected against unauthorised access.
  8. Compliance with the Information Security Policy will be enforced.

So how do the key principles relate to me?

The above underpinning principles of the Information Security Policy are best presented as a checklist of do's and don'ts. If you  work according to these do's and don'ts then you will find that you are working within the University's Information Security Policy.