Information Security Policy

As University members, we are all responsible for making sure University information is kept securely and used appropriately.

The University's Information Security policy (ISP-01) and its supporting policies provide a framework to help make sure that the data held and processed by the University is managed with the appropriate standards to keep it safe. 

The policies comply with legal requirements including the Data Protection Act and the General Data Protection Regulation (GDPR).

The aims of the Information Security policies are:

We all have a requirement to work within the guidelines of the Information Security policies.

Required reading

All University members should be familiar with the University's Information Security policy (ISP-01) and the key principles of the Information Security policies. 

We should all:

List of policies

Policies review schedule

May 2024September 2024October 2024December 2024
Acceptable Use ISP-09 Outsourcing and Third Party Compliance ISP-04 Information Security Policy (Overarching) ISP-01 Compliance ISP-03
System Management ISP-11 Information Handling ISP-07   Human Resources ISP-05
Mobile and Remote Working ISP-14 Network Management ISP-12   User Management ISP-08
PCI-DSS ISP-19 Software Management ISP-13   Encryption ISP-16
  Investigation of Computer Use ISP-18