Information Security Policy for Students
- Information Security Policy
- 10 Steps to Cyber Success
- Training & Policies
- Reporting an Incident
- Phishing
- Social Engineering
- Strong Passwords
- Ransomware
- Social Networking
- CyberSafe Zooming
- Updates and Anti-virus
- Mobile Devices
- Protect Your Data
- Storing Data Securely
- Public Wi-Fi Hotspots
- Physical Security
- Cyber Security Programme
- Password Managers
- Cyber Security Inductions
- Gender-Based Violence IT Help
See our full Information Security Policy (pdf).
See the Legal framework for Information Security Policy (pdf).
We recognise the importance of information as a corporate asset.
Our Information Security policy:
- Ensures all data in the University is handled and stored with an appropriate level of security
- Outlines the monitoring measures the University takes to ensure the security of data and IT services
- Outlines user policies which must be adhered to including:
- Acceptable use
- Physical security
- Personal devices
Some of the core policies of our Information Security Policy are:
- To support the University and IT strategic vision
- To follow and develop the Scottish Government’s Public Sector Action Plan on Cyber Resilience
- To make students, staff and third parties at the University aware of their responsibility to data
- To maintain the integrity (accuracy and security) of information we hold
- To comply with all legal and contractual obligations we have to data
Our Information Security policy is an overarching policy. We have summarised the contents of the policy here. You can download the Information Security Policy and other related policies below.
Summary of Information Security Policy
General
- You should use our computing facilities in a way which is:
- ethical
- legal
- appropriate to the University's aims
- not detrimental to others
- You are responsible for ensuring the security of University devices and University data which you have access to
- You must adhere to standards of acceptable use for use of University devices and services
Information security
- Information security is the responsibility of every member of staff, students, and third parties
- All information and data held by the University must be accurate and stored with an appropriate level of security
Data Handling
Data must be categorised, processed, and stored according to the following registers:
 |
|---|
|
|
|---|
Monitoring
- The University will monitor the use of University devices and services to comply with legal, regulatory and operational requirements
- The University will ensure the integrity and confidentiality of this information
- All monitoring activities will be appropriately authorised and documented.
User policies
All students, staff, and third parties must comply with guidelines on:
- Acceptable use in accessing University devices and services
- Acceptable personal use of University devices
- Physical security of IT equipment
- Personal device use for University purposes
More information on University Cyber Security standards can be found on our Cyber Security Pages
Training
All staff and students should complete cyber security awareness training available from Myplace.
- Student Experience & Enhancement Services
- Estates Services
- Finance Directorate
- Human Resources Directorate
- Procurement
- Information Security Policy
- 10 Steps to Cyber Success
- Training & Policies
- Reporting an Incident
- Phishing
- Social Engineering
- Strong Passwords
- Ransomware
- Social Networking
- CyberSafe Zooming
- Updates and Anti-virus
- Mobile Devices
- Protect Your Data
- Storing Data Securely
- Public Wi-Fi Hotspots
- Physical Security
- Cyber Security Programme
- Password Managers
- Cyber Security Inductions
- Gender-Based Violence IT Help