Information Security Policy revised

23 August 2010

Information is an asset that is essential to the University operations and consequently needs to be suitably protected. This year, the University's Information Security Policy was revised to reflect current industry standards.

The policy describes the controls the University will use to protect information. It sets out the business rules for protecting University information and the systems which store and process it. Key features of the revisions made are outlined below:

  • A password policy has been introduced in line with industry best practice.
  • A classification schema for information assets is included. Assets classified as "sensitive" require additional controls to prevent unauthorised access.
  • A formal management process for employee and student identities is outlined in the policy, including formal systems authorisation and termination of inactive Unikey accounts.
  • A section covering physical and environmental security focuses on measures in place to protect the University Data Centre.
  • Emphasis is placed on improving existing operational processes such as software updates, security incident management, as well as ensuring that current software such as antivirus applications are distributed and maintained for all University desktops/laptops.
  • Agreed controls have been included to prevent errors, loss, unauthorized modification or misuse of information in University applications.

A copy of the policy is available for download from Policy Online.