Changes to IT security policies and procedures

28 Jul 2017

Our security policies and procedures are there to protect you and the University. They describe the rules that you agree to when using University services

One of the policies that we’ve updated is our Acceptable Use Policy and the main changes are as follows:

You must not use third party webmail services to send or receive emails related to University work. You must not set up your University email account to automatically forward emails from your University email account to third party email addresses.

If you are considering commissioning IT systems, software or services you must comply with the Acquisition, Development and Maintenance, Standard Operating Procedure.

• Acquisition, Development and Maintenance, Standard Operating Procedure

If you handle confidential or sensitive data, please be aware of the new ‘restricted’ and ‘highly restricted’ categories. If you are unsure of whether you are handling your information correctly, you can refer to these guides:

• Information security classification examples
• The University's online Information Handling Tool

Be aware of when you could potentially undermine the security controls or procedures when using University IT services; for example by sharing passwords, storing unencrypted person identifying data, or failing to lock your computer when unattended.

Only use the channels for credit / debit card payments that are approved by the Directorate of Finance. You must not keep digital or paper records of financial information outside of the compliant systems.

All University policies, standard operating procedures and guidelines can be found online. As an IT user at the University, you must abide by these regulations and guidelines:

• IT policies and guidelines