INFORMATION SECURITY POLICY

Secretary & Clerk’s Office
July 2011

1. Introduction

1.1 We at Anglia Ruskin University (ARU) acknowledge that information is a valuable asset and one which must be protected for commercial and statutory reasons. It also has implications for individuals to whom information may relate.

1.2 While the proper conduct of a university relies on the free flow of information, the objective for this policy is to prevent or limit information security problems which might result in:

- systems being unavailable
- reputational damage
- fraud
- illegal personal investigation
- industrial espionage
- the breach of statutory duties

2. Meaning of Terms

2.1 Information security includes all processes, procedures and technical measures, systems and code of conduct by means of which we aim to protect:

- our information, data and databases
- our information processing systems and telecommunications networks.

2.2 Information includes, but is not limited to information:

- shared on computers
- transmitted across networks
- printed or written on paper
- recorded in digital form
- spoken directly or over a voice network

3. Implementation

3.1 In maintaining information security we will:

- use reasonable, appropriate effective and cost effective security measures
- ensure compliance with, at minimum, statutory duties.
- seek the continuous improvement of its information security
- respect, insofar as is possible and lawful academic freedom.

3.2 This policy must be read in conjunction with subsidiary data security policies and operational guidelines published from time to time.

4. Security Responsibilities

4.1 All students, staff and governors of ARU and all other authorised users of its information and information systems shall be bound by this policy.

4.2 Disciplinary action may be taken against student or staff in breach of this policy and civil action or the denial of access rights in relation to others.

4.3 All partnership agreements or joint ventures involving access to ARU’s information or information systems shall require that partners adopt data security systems to the reasonable satisfaction of ARU.

4.4 The Secretary & Clerk has executive responsibility for ensuring that proper data security exists.

4.5 The Director of ISMS has responsibility for ensuring data security in relation to IT systems within his/her control.

4.6 All line managers have responsibility for data security within their areas of responsibility.

4.7 All students have responsibility for the data security in respect of their personal use.

4.8 All other users have responsibility for data security in respect of their personal or corporate use.

4.9 The University Records Manager has responsibility for advising on data security providing training and ensuring compliance with statutory requirements.

4.10 The Information Management Advisory Group has responsibility for providing advice on the implementation and monitoring of data security.

5. Breaches of Security & Business Continuity

5.1 All users must report immediately to the ISMS Help Desk and/or the University Records Manager any breach or suspected breach of data security.

5.2 ARU’s business continuity plan will include specific provision for maintenance of data security.

6. Policy Review

6.1 The policy and all subsidiary policies will be reviewed every five years.

July 2011 (approved at CMT August 2011)