This Network Management policy is a sub-policy of the University’s Information Security policy (ISP-01) and sets out the responsibilities and required behaviour of those who manage communications networks on behalf of the University.
This policy applies to all employees, contractors, vendors, and any third parties who have access to or manage the University's communication networks.
It encompasses all communication networks under the University's control, regardless of the type of traffic they handle, whether physical or virtual, and irrespective of their location, including on-premise, hosted, or public cloud environments managed by or on behalf of the University.
The University’s communications networks will be managed by staff with the relevant skills and training to oversee their day-to-day running and to ensure their ongoing security (confidentiality, integrity and availability).
Network management requires staff and authorised third parties to have a high level of privileged access to critical infrastructure assets and, as such, they play a key role in ensuring University information assets are protected. Staff are expected to understand the entirety of the University's Information Security Policies and how they apply to their specific role.
Staff and authorised third parties are required to escalate and act promptly and within guidelines specified by change management to protect the security of the University network but must be proportionate in the actions that they take, particularly when undertaking actions that have a direct impact on the users of the University network. Any actions which may be potentially invasive of users’ reasonable expectations of privacy must be undertaken in accordance with the University’s Investigation of Computer Use (ISP-18) policy and the associated Guidelines for System and Network Administrators document.
Staff and authorised third parties must immediately report any network-related information security incidents to the Information Security Manager (or, if unavailable, by email to cert@bristol.ac.uk).
The network must be designed and configured to deliver high levels of performance, availability and reliability, appropriate to the University’s business needs, whilst providing a high degree of control over access to the network.
Ongoing and future designs for network configuration must be agreed by the IT Architecture Board.
Networking and communications facilities, including wiring closets, data centres and computer rooms, must be adequately protected against accidental damage (fire or flood, for example), theft, or other malicious acts.
Network switches will be located in approved comms rooms only. This is to ensure physical access is restricted to authorised staff. Temporary exceptions may be made where this is not practical, with the associated risk logged and tracked. Any exceptions will require the approval of the Digital Platforms and Network Manager.
All changes to network components (routers, firewalls, etc.) are subject to IT Services’ change management processes and procedures.
Any device which poses a risk to the security or operation of the network is liable to physical or logical disconnection from the network without notice.
All devices connected to the network, irrespective of ownership, are subject to monitoring and security testing, in accordance with standard University practices and in line with the Investigation of Computer Use Policy (ISP-18).
The Acceptable Use Policy (ISP-09) has further details on what is and is not acceptable to connect to University networks.
The allocation of network addresses (IPv4 and IPv6) used on the University networks is the responsibility of IT Services, which may delegate the management of subsets of these address spaces to other teams or third parties.
Network addresses (IPv4 or IPv6) assigned to end-user systems will, wherever possible, be assigned dynamically.
Access to network resources must be strictly controlled to prevent unauthorised access. Access control procedures must provide adequate safeguards through robust identification and authentication techniques.
For more information on administrative account access, refer to the User Management Policy (ISP-08).
IT Services or authorised third parties are responsible for the management of the gateways which link the University network to the Internet. Controls, such as firewalls, will be enforced at these gateways to limit the exposure of University systems to the Internet in order to reduce the risks of hacking, denial of service attacks, malware infection and propagation, and unauthorised access to information. Controls will be applied to both incoming and outgoing traffic.
The same network boundary management principles will apply to network segmentation.
Guidelines for System and Network Administrators
Investigation of Computer Use Policy (ISP-18)
Acceptable Use Policy (ISP-09)
Title | Network Management Policy |
Reference | ISP-12 |
Status | Approved |
Version | 4.0 |
Date Created | July 2014 |
Last Reviewed | September 2024 |
Next Review | September 2025 |
Classification | Public |
PDF Policy Link | ISP-12 Network Management Policy.pdf (bristol.ac.uk) |