Information Security Policies

Parent Policy

All users of the computing or information services provided by the University should be familiar with and abide by the Information Security Policy.

Information Security Policy

Having read the Information Security Policy you should then be familiar with all other policies that are appropriate for your course, research or role.

Extra care should be taken when dealing with sensitive information; if you are in any doubt about the sensitivity of information, or how it should be handled, then please contact the IT Service Desk. Examples of sensitive information include personal information, financial data and unpublished research.

Information Governance

Code of Practice

Data Protection

Freedom of Information

Records Management

Change Management Policy

Physical Security

Security Policy

CCTV Code of Practice

Access

Code of Connection

Systems / Operations

Vulnerability​ ​Management​ ​Policy (login to access)

Patch​ ​Management​ ​Policy (login to access)

Management​ ​of​ ​Privileged​ ​Accounts (login to access)

Malicious​ ​Software​ ​Management​ ​Policy (login to access)

Log​ ​Management​ ​Policy (login to access)

Firewall​ ​Policy (login to access)

Server Policy

Third Parties

Google Data Security and Privacy Fact sheet

Allied

PCI DSS

Cyber Essentials Assured Computing

Information Security Incident Policy

All incidents involving actual or potential breaches of Information Security must be reported in accordance with the policy below.

Information Security Incident Policy and Procedure