Information Security Policy
As University members, we are all responsible for making sure
The University's Information Security policy (ISP-01) and its supporting policies provide a framework to help make sure that the data held and processed by the University is managed with the appropriate standards to keep it safe.
The policies comply with legal requirements including the Data Protection Act and the General Data Protection Regulation (GDPR).
The aims of the Information Security policies are:
- to raise awareness
- to avoid the disclosure of data
- to avoid breaking the law
- to avoid causing the University financial and reputational damage.
We are all required to work within the guidelines of the Information Security policies.
Required reading
All University members should be familiar with the University's Information Security policy (ISP-01) and the key principles of the Information Security policies.
We should all:
- Make sure that only those who need access to data have that access.
- Avoid storing information where it can be accidentally exposed or lost, for example on unencrypted storage devices or on a desk in an office (even if the office is locked).
- Make sure that if data must be sent, shared or transported, we send it securely using encrypted devices or channels.
List of policies
- Information Security policy ISP-01
- Compliance policy ISP-03
- Outsourcing and Third Party Compliance ISP-04
- Human Resources ISP-05
- Information Handling ISP-07
- User Management ISP-08
- Acceptable Use ISP-09
- System Management ISP-11
- Network Management ISP-12
- Software Management ISP-13
- Mobile and Remote Working ISP-14
- Encryption ISP-16
- Investigation of Computer Use ISP-18
- PCI-DSS Cardholder Data Policy ISP-19
- Information Governance policy IGP-01.
Policies review schedule
October 2024 | December 2024 | May 2025 | September 2025 |
---|---|---|---|
Information Security Policy (Overarching) ISP-01 | Compliance ISP-03 | Acceptable Use ISP-09 | Outsourcing and Third Party Compliance ISP-04 |
Human Resources ISP-05 | System Management ISP-11 | Information Handling ISP-07 | |
User Management ISP-08 | Mobile and Remote Working ISP-14 | Network Management ISP-12 | |
Encryption ISP-16 | PCI-DSS ISP-19 | Software Management ISP-13 | |
Investigation of Computer Use ISP-18 | | | |