Aims

Information is vital to the operation and administration of the college, and the security of this information, and the assets associated with it, is fundamental to its continuing success.

There are three key aspects to information security:

  • Confidentiality: information is available only to those authorised to have access
  • Integrity: information is reliable, as it is accurate and complete
  • Availability: information is accessible whenever and wherever required

The aim of this policy is to summarize and bring together the current sources of policy, regulations, procedures and guidelines, relating to information security. The intention is to make it easier for members of the college to understand their obligations.

Principles

The following are the guiding principles for Information Security:

The college will comply with relevant legislation related to information security.

The college's approach is based on published best practice and guidance from the Joint Information Services Committee (JISC) and standards such as ISO27001, although it is not intended to seek formal certification to any standard at this time.

All members of the college are responsible for information security and must conform to all college policies and procedures, and take into account the agreed guidelines.

The college seeks to build a culture of information security awareness by members of the college.

The college will constantly seek to review and improve information security.

The approach will be to implement information security by policy and education rather than technology enforcement, and only where necessary impose solutions or systems to enforce best practice.

Information security should not hinder the legitimate work of the college.

User rights and access to information will at all times be based on a person’s role and need rather than their status.

Information will only be used for legitimate academic and administrative purposes.

Supporting Documents

This policy gives the high-level statement of Information Security strategy at the college. To support this, there will be the following documents:

Standards and Guidelines for All Users of College Computing and Network Facilities

The formal regulations governing computer use, and local acceptable use policy. Includes a statement on user access to systems and how that will be managed, and responsibilities of users.

Also linked is the JANET AUP with which all members must also comply.

Information Security Procedures

This is a more detailed set of guidelines, covering all aspects of Information Security, based on JISC guidance and ISO27001.

Wireless AUP

Staff and student policies on wireless use on campus

Desktop Policy

Policy on desktop computers.

Email Usage Policies

Staff and student policies on email use.

Internet Access Policy

Policy on user access to the Internet, and any monitoring and blocking of sites

IT Disaster Recovery and Business Continuity Policy

Policy governing what will be done to recover from any significant incident, as well as policy on how system owners and users should plan to continue to deliver business function when systems are unavailable.

IT Investigation Policy

Formalising the process under which authorised staff will investigate suspected or reported breaches of security.

 Internet AUP 
 Social Networks AUP