IT Regulations & Policies

Information security policies have been approved by the University’s Executive Board and apply across the University to every person who has access to University information.  They are vital for providing assurance that the University takes seriously the confidentiality, integrity and availability of its information and information placed in its care.  There are a number of guidelines and further information documents which provide good advice, helpful suggestions and useful ways of getting things done when and where you are working with classified information.

Information Security and Information Classification and Handling Policies

  1. Information Security  The University’s  overarching approach to information security
  2. Information Classification and Handling Policy  How to classify, store and transmit information
  3. How to Classify Information   How to classify information

Policies and Regulations

  1. Acceptable Use of IT Facilities What is considered acceptable use by the University and by legislation
  2. Regulations and Code of Conduct for Use of IT Facilities  Regulations and expected behaviour that apply when using IT Facilities
  3. Encryption of Portable Devices   What devices and information require encrypted
  4. Remote Access to Information and Information Systems    What conditions apply when accessing information remotely
  5. Monitoring and Accessing Information  Outlines circumstances in which it is permissible for the University to monitor and access University information without the users consent
  6. Third Party Access to Information  What conditions apply before allowing third party access to University information
  7. Information Security for Project Management  What conditions apply when incorporating  information security as part of project management methodology
  8. Information Security Incident Reporting and Management  University’s approach to reporting information security incidents
  9. Information Systems What conditions apply when accessing the University’s information systems

Guidance and Further Information

  1. Information Security guidance  Details the 3 key principles of information security
  2. Acceptable Use guidance  Outlines what the University considers acceptable use and what legislation tells us what is acceptable use
  3. Encryption of Portable Devices  Information  on handling and classifying university information
  4. Remote Access  Guidance on how to manage security risks when working remotely
  5. Third Party Access  Outlines the steps required to ensure compliant third party access to University information
  6. Information Security guidance  Provides guidance on how to ensure information security is incorporated into project management methodology
  7. Information Security Incident Examples Gives examples of information security incidents

Forms Procedures Documentation

For copies of the following forms please contact I.T through My Service, submitting a general request for the form/s you require.

  1. Information Security Reporting Procedure‌ What to do when  reporting an information security incident
  2. Information Security Incident Management Form What information is required when reporting an information security incident
  3. Privacy Impact Assessment Form  Outlines the circumstances in which a privacy impact assessment is required and what information is required
  4. Third Party Access Form.‌ What conditions apply and what information is required when contracted third party requires access to University information