Minimum, and required reading
Policies setting out the ground rules which we all must comply with.
These Regulations govern the use of University computing and network facilities by authorised users. This includes staff, students and visitors.
They apply to all services operated by, or on behalf of the University. They also include the use of personally owned devices, remote networks and services.
Private use is permitted too, but don't overdo it
The Regulations recognise, though computing facilities are for work related activity, private use is permitted. This is so long as it does not impact staff employment responsibilities or student education (and of course, does not break the Law).
The Regulations forbid any use that is illegal or brings the University into disrepute. This includes excessive 'private use'. Breach of the Regulations is a disciplinary offence.
The information security policy details how everyone is responsible for protecting University information. It states how we ensure that the confidentiality, integrity and availability is maintained. It covers the need to take account of: physical security, business continuity and technical requirements.
The policy is presented as a PDF document. Other formats can be produced upon request.
The Information Security Standards add more detail to the Information Security Policy, focussing on specific areas with each document. The list of current standards is:
- S.0 - Purpose of Standards
- S.1 - Information Classification
- S.2 - Data Protection
- S.3 - Data Steward
- S.4 - Access Management
- S.5 - Operational Security
- S.6 - Asset Management
- S.7 - Secure Configuration
- S.8 - Security Assessment and Testing
- S.9 - Physical Security
- S.10 - Incident Management
- S.11 - Third Party
- S.12 - Cloud Security
- S.13 - Mobile Device
- S.14 - Bring Your Own Device (BYOD)
The standards can be found in the Guidance Folder on the Information Security Sharepoint site.