Information Security Policy: basic principles

The University's Information Security policy (ISP-01) and its supporting policies provide a framework to help make sure that the data held and processed by the University is managed to the appropriate standards to keep it safe. The policies ensure that information and information systems are protected.

All members of the University are responsible for keeping information secure and all members must comply with the policy.

The University has adopted the following eight principles to underpin the policy:

  1. Information will be protected in line with all relevant University policies and legislation, notably those relating to data protection, human rights and freedom of information.
  2. Each information asset will have a nominated owner who will be assigned responsibility for defining the appropriate uses of the asset and ensuring that appropriate security measures are in place to protect the asset.
  3. Information will be made available only to those who have a legitimate need for access.
  4. All information will be classified according to an appropriate level of security.
  5. The integrity of information will be maintained.
  6. It is the responsibility of all individuals that have been granted access to information to handle it appropriately in accordance with its classification.
  7. Information will be protected against unauthorised access.
  8. Compliance with the Information Security policy will be enforced.

How do the key principles relate to me?

The underpinning principles of the Information Security policy can be presented as a checklist of dos and don'ts. If you work according to this list then you will find that you are working within the University's Information Security policy.