IT Regulations & Policies
Information security policies have been approved by the University’s Executive Board and apply across the University to every person who has access to University information. They are vital for providing assurance that the University takes seriously the confidentiality, integrity and availability of its information and information placed in its care. There are a number of guidelines and further information documents which provide good advice, helpful suggestions and useful ways of getting things done when and where you are working with classified information.
Information Security and Information Classification and Handling Policies
- Information Security The University’s overarching approach to information security
- Information Classification and Handling Policy How to classify, store and transmit information
- How to Classify Information How to classify information
Policies and Regulations
- Acceptable Use of IT Facilities What is considered acceptable use by the University and by legislation
- Regulations and Code of Conduct for Use of IT Facilities Regulations and expected behaviour that apply when using IT Facilities
- Encryption of Portable Devices What devices and information require encrypted
- Remote Access to Information and Information Systems What conditions apply when accessing information remotely
- Monitoring and Accessing Information Outlines circumstances in which it is permissible for the University to monitor and access University information without the users consent
- Third Party Access to Information What conditions apply before allowing third party access to University information
- Information Security for Project Management What conditions apply when incorporating information security as part of project management methodology
- Information Security Incident Reporting and Management University’s approach to reporting information security incidents
- Information Systems What conditions apply when accessing the University’s information systems
Guidance and Further Information
- Information Security guidance Details the 3 key principles of information security
- Acceptable Use guidance Outlines what the University considers acceptable use and what legislation tells us what is acceptable use
- Encryption of Portable Devices Information on handling and classifying university information
- Remote Access Guidance on how to manage security risks when working remotely
- Third Party Access Outlines the steps required to ensure compliant third party access to University information
- Information Security guidance Provides guidance on how to ensure information security is incorporated into project management methodology
- Information Security Incident Examples Gives examples of information security incidents
Report an Information Security Incident
Report an Information Security Incident What to do if you come across or are exposed to an actual or suspected information security incident