Information Security Policies

Parent Policy

All users of the computing or information services provided by the University should be familiar with and abide by the Information Security Policy.

Information Security Policy

Having read the Information Security Policy you should then be familiar with all other policies that are appropriate for your course, research or role.

Extra care should be taken when dealing with sensitive information; if you are in any doubt about the sensitivity of information, or how it should be handled, then please contact the IT Service Desk. Examples of sensitive information include personal information, financial data and unpublished research.

You may also wish to refer to our Glossary of Terms.

Information Security Glossary of Terms

Information Governance

Code of Practice

Data Protection

Freedom of Information

Records Management

Change Management Policy

Risk Management Policy

Physical Security

Security Policy (PDF)

CCTV Code of Practice (PDF)

Access

Access Control Policy

Code of Connection (PDF)

Systems / Operations

Vulnerability​ ​Management​ ​Policy (login to access)

Patch​ ​Management​ ​Policy (login to access)

Management​ ​of​ ​Privileged​ ​Accounts (login to access)

Malicious​ ​Software​ ​Management​ ​Policy (login to access)

Log​ ​Management​ ​Policy (login to access)

Firewall​ ​Policy (login to access)

Server Policy (PDF)

Cryptography Policy

Third Parties

Google Data Security and Privacy Fact sheet (PDF)

Allied

PCI DSS

Cyber Essentials Assured Computing

Information Security Incident Policy

All incidents involving actual or potential breaches of Information Security must be reported in accordance with the policy below.

Information Security Incident Policy and Procedure