IT Acceptable Use and Security Policy
The revised IT Acceptable Use and Security Policy has been approved by the Vice-Chancellor. This Policy sets out the principles applicable to the use of University IT and expresses the commitment of the University to providing and maintaining secure, effective and reliable IT infrastructure and services to support the University's operations in research, teaching, learning, and administration. By observing the acceptable use and security requirements, University IT users and custodians can help to prevent service disruptions and data breaches caused by cyberattacks and other threats.
ITDS now has increased responsibility for caring for IT assets across the whole University. For example, approval MUST be obtained from ITDS before
- Using personal equipment for University business
- Developing or purchasing new software, including cloud services, that will store or process University data
- Connecting any new devices to the University campus network
- Engaging third parties who will access or process University data on behalf of the University
- Using specialist (non-standard) remote access to connect to the university network – anything other than GlobalProtect VPN and ADAPT
There are other areas which will affect the way that ITDS and the University will need to work, including
- Prohibition of password sharing
- Mandatory Cyber Awareness Training
and the explicit expectation that users use an SOE, register their Mac for self service, or gain an exemption from ITDS.
Custodians for both centralised and decentralised IT have substantial responsibilities to keep assets secure (IT Security Procedures) and may be audited.
A key requirement of the revised policy is that ITDS maintain a Cyber Security Framework (CSF) for a risk-based approach to information security management. If you work for ITDS or are an IT custodian outside of ITDS, then you will need to understand the technical security standards set out in the CSF. Detailed technical standards will be published later in 2022.
Please familiarise yourselves with the Policy and the associated procedures.
If you or your team would like to know more, please contact firstname.lastname@example.org.