As University members, we are all responsible for making sure University information is kept securely and used appropriately.
The University's Information Security policy (ISP-01) and its supporting policies provide a framework to help make sure that the data held and processed by the University is managed with the appropriate standards to keep it safe.
The policies comply with legal requirements including the Data Protection Act and the General Data Protection Regulation (GDPR).
The aims of the Information Security policies are:
We all have a requirement to work within the guidelines of the Information Security policies.
All University members should be familiar with the University's Information Security policy (ISP-01) and the key principles of the Information Security policies.
We should all:
| October 2024 | December 2024 | May 2025 | September 2025 |
|---|---|---|---|
| Information Security Policy (Overarching) ISP-01 | Compliance ISP-03 | Acceptable Use ISP-09 | Outsourcing and Third Party Compliance ISP-04 |
| Human Resources ISP-05 | System Management ISP-11 | Information Handling ISP-07 | |
| User Management ISP-08 | Mobile and Remote Working ISP-14 | Network Management ISP-12 | |
| Encryption ISP-16 | PCI-DSS ISP-19 | Software Management ISP-13 | |
| Investigation of Computer Use ISP-18 |
