Access to information and IT systems is essential for the University to function competitively in the higher education environment. Information Security is the corporate framework of culture, policies, organisational structure and operating environments used to ensure confidentiality, integrity and availability of our information.
The Senior Information Security Officer based with Legal & Governance Directorate works together with all University departments and Schools to develop policy, advice and guidance on information security issues – whether new information systems, projects to share information with external partners or major revisions to existing information systems and procedures that hold personal information i.e. confidential information.
This can be achieved by implementing controls in:
Physical security | Responsibility of Estates with each resident School and department |
Personnel and training security | Responsibility of Human Resources |
Policy/procedural security | Responsibility of Senior Information Security Officer and Business Owners |
Technical security | Responsibility of Digital IT and System Owners (outside DIT) |
All these measures must be implemented in tandem rather than being a one-off, as you can see in the diagram below.