Information Security Policy Template - Free Download | Page 2
4.5, 3400 votes
Please vote for this template if it helps you.
Information Security Policy Template Page 2
Macintosh HD:Users:lvyunyun:Desktop:files1:information-security-policy-template.doc v1.6 (Approved: Sep 05; Reviewed: Sep
08) 2 of 3
2. The Policy
The University requires all users to exercise a duty of care in relation to the operation
and use of its information systems.
2.1 Authorised users of information systems
With the exception of information published for public consumption, all users
of University information systems must be formally authorised by appointment
as a member of staff, by enrolment as a student, or by other process
specifically authorised by the Vice Chancellor. Authorised users will be in
possession of a unique user identity. Any password associated with a user
identity must not be disclosed to any other person. The “Network password
policy” describes these principles in greater detail.
Authorised users will pay due care and attention to protect University
information in their personal possession. Confidential, personal or private
information must not be copied or transported without consideration of:
permission of the information owner
the risks associated with loss or falling into the wrong hands
how the information will be secured during transport and at its
destination.
2.2 Acceptable use of information systems
Use of the University’s information systems by authorised users will be lawful,
honest and decent and shall have regard to the rights and sensitivities of other
people. The detail of acceptable use in specific areas may be found in the list
of subsidiary policies detailed in the Appendix.
2.3 Information System Owners
University Deans/Directors who are responsible for information systems are
required to ensure that:
1. Systems are adequately protected from unauthorised access.
2. Systems are secured against theft and damage to a level that is cost-
effective.
3. Adequate steps are taken to ensure the availability of the information
system, commensurate with its importance (Business Continuity).
4. Electronic data can be recovered in the event of loss of the primary source.
I.e. failure or loss of a computer system. It is incumbent on all system
owners to backup data and to be able to restore data to a level
commensurate with its importance (Disaster Recovery).
5. Data is maintained with a high degree of accuracy.
6. Systems are used for their intended purpose and that procedures are in
place to rectify discovered or notified misuse.
7. Any electronic access logs are only retained for a justifiable period to
ensure compliance with the data protection, investigatory powers and
freedom of information acts.
Information Security Policy Template Previous Page Information Security Policy Template Next Page
source: tees.ac.uk
Information Security Policy Template