Information Security
We recognise the importance of information as a corporate asset.
Our Information Security policy:
- Allows appropriate people access to information when and where they need it
- Maintains integrity (accuracy and security) of information we hold
- Maintains appropriate levels of confidentiality
- Reduces the risks posed by poor information management
- Ensures we abide by our legal and regulatory responsibilities
- Makes our staff and students aware of their responsibilities towards information security/management
The principles of our Information Security policy are:
- Ensuring that we (the University) follow all legal requirements
- Ensuring the availability, confidentiality and integrity of all information we hold
- Ensuring that our staff, students and partners understand their responsibilities towards information security
- Maintaining a risk-aware approach that reduces any unacceptable risks
Our Information Security policy is an overarching policy. We have summarised the contents of the policy here. You can download the Information Security Policy and other related policies below.
Summary of Information Security policy
1. General
- You should use our computing facilities in a way which is:
- ethical
- legal
- appropriate to the University's aims
- not detrimental to others
- We reserve the right to monitor, filter and/or deny access to our systems.
- You must tell us about any loss or compromise of any device containing University data.
- You must not share your username or password, or login to anyone else’s account.
2. Device connection
- You may connect a University laptop or PC to the University network.
- You may connect your own personal device to eduroam wireless network.
A University laptop or PC is one which University IT staff order and set up for you.
A personal device is a laptop, phone or tablet which you buy and bring to campus yourself.
Contact us if you wish to connect any other device to the University network. You must have a valid reason for this. We reserve the right to refuse connection.
3. Device maintenance
All devices used to access University data must:
- Have an up-to-date anti-virus application installed and configured.
- Have the latest operating systems and browser security updates installed.
- Only run legitimate, licensed software.
4. Personal devices
As well as the above, if using a personal device you must:
- Enable your device's security features.
- Accept that we may scan and/or monitor your device whenever you use it to connect to our network.
- Wipe the device of all data before selling or transferring it to a third party.
5. Sensitive data
For data that is sensitive, personal, confidential or commercially valuable, you must:
- Reduce the need to hold such data on any device.
- Encrypt the data before storing or sharing it.
- Never make the data available to the public, or share it on a social networking site.
Information Security policy in full
Related and constituent policies
- University Policy on the Use of Computing Facilities and Resources
- Legal Framwork for ICT
- Network Connection Policy V1.1
- Procedure for Accessing Personalised Electronic Storage Resources
- Protection of Information Held on Mobile Devices and Encryption Policy
- Remote Access for Suppliers
- Anti-Virus Policy
- Policy on Children Accessing University of Strathclyde provided IT Systems
- Policy on Physical Security of IT Equipment
- Remote Access to University provided Information Systems and Services
- Bring Your Own Device Policy
- Policy on IT Access for Leavers
- Policy on the Procurement of IT Commodity Devices
- IT Credentials Management Policy
- Data Management Principles
Lost and stolen devices
You must if you lose your device, or if you think someone has stolen it. Fill in the form and send it to the IT Helpdesk.
Training
Information Security training for staff is available from Myplace [DS login required].
More information
Please contact us if you would like to know more.
You may also want to read:
- our records management information
- our Data Protection Policy