IT Regulations and Policies

The University’s Information Security Policy Framework has been approved by the Executive Board and applies to everyone who accesses, manages, or handles University information and/or technology resources. These policies form the foundation for safeguarding the confidentiality, integrity, and availability of our information assets, and demonstrate the University’s commitment to responsible, secure, and resilient digital operations. Supporting guidelines and reference materials accompany these policies to offer practical advice, clear expectations, and helpful methods for working securely with University systems and classified information in any environment.

Policies

  1. IT Security Management - Establishes the overall framework for protecting the University’s information systems from security threats and ensuring secure operations.
    1. Information Classification and Handling - Defines how information must be classified and handled to ensure appropriate protection based on its confidentiality and sensitivity.
  2. IT Risk Management - Describes how technology-related risks are identified, assessed, treated, and monitored across the University.
  3. IT Asset Management - Provides guidelines for tracking, managing, and safeguarding the University’s IT assets throughout their lifecycle.
  4. IT People and Access Management - Governs how access to systems and information is granted, managed, and removed for all users.
    1. Acceptable Use of IT Facilities - Defines the appropriate and responsible use of the University’s IT resources by all users and outlines circumstances in which it is permissible for the University to monitor and access University information.
    2. Bring Your Own Device - Specifies security and usage requirements for users who use personal devices to access university systems or information.
  5. IT Business Resilience - Ensures continuity of critical IT services through preparedness, incident response, and recovery measures.
  6. IT Device and System Management - Sets requirements for the secure configuration, maintenance, and operation of the University’s IT devices and systems.
  7. IT Physical Security - Establishes controls to protect physical IT infrastructure and facilities from unauthorised access or damage.
  8. IT Network and Operational Security - Defines measures to secure the University’s networks and operational environments from cyber threats and disruptions.

Regulations

  1. Regulations and Code of Conduct for Use of IT Facilities - Regulations and expected behaviour that apply when using IT Facilities.
  2. Guidance to staff on the use of Generative AI (GenAI) - A framework for all University staff on the responsible, ethical, and compliant use of Generative Artificial Intelligence.
  3. Guideline for safe and secure working on and off campus - What conditions apply when accessing information remotely.
  4. Information Security for Project Management - What conditions apply when incorporating  information security as part of project management methodology.

Guidance and further information (staff only)

  1. Report an Information Security Incident - What to do if you come across or are exposed to an actual or suspected information security incident.
  2. Replying to Emails from Unknown Senders - A comprehensive overview of best information security practices when receiving emails from unknowns senders.
  3. Understanding and Managing Email Spam - A brief guide explaining what email spam is, why it happens, and practical steps you can take to filter, block, and reduce unwanted messages.
  4. Create a Strong Password - An overview of how to build secure, memorable passwords using best practices that help protect your accounts from unauthorized access.
  5. Protect my Information - A concise explanation of simple actions you can take to safeguard personal data both online and offline, reducing the risk of identity theft and misuse.
  6. Staying safe with email - A short summary of key tips for identifying suspicious emails, avoiding phishing attempts, and keeping your inbox and information secure.
  7. How to secure your Sharepoint sites and Microsoft Teams - This guide explains how to keep information secure when working in Microsoft Teams and SharePoint. It’s written for all staff who create, share, or store documents in these tools and is not intended for technical administrators.
  8. Remote Access - Guidance on how to manage security risks when working remotely.
  9. Third Party Access - Outlines the steps required to ensure compliant third party access to University information.