Code of Practice Information and Security: Key Points

Access to Information

The University recognises that all staff must have access to appropriate information in order to fulfil their job responsibilities.

that Electronic Mail is an insecure communication medium (see Code of Practice Document Reference 3.4.2)
that the University reserves the right to access information stored on University facilities (3.12) or to monitor use of the University network infrastructure
of the dangers of using untested software (3.3.3)
that standard encryption in Word Processors is insecure (3.4.3 and 3.11 )
that your compliance with this Code may be subject to internal audit

obtain authorisation before you access or use administrative information (3.4.1)
label sensitive information using approved security marks and take appropriate precautions with material classified as confidential (3.10)
lock your door when your room is unoccupied (3.1)
choose a safe password and keep it to yourself (3.2)
use anti-virus software and check all diskettes (3.3.1)
ensure you make backups of important data, and store them securely (3.4.5)
remove stored information when disposing of old equipment or media (3.4.4)
comply with the University Regulation on Use of Computer Facilities and the Campus Network and, in particular, the Data Protection Act (3.8) and software licence conditions (3.9)
obtain authorisation before taking equipment off campus (3.5)
ensure that the same procedures are used when equipment is used outside the University (e.g. at home) to process University information (3.5)
report suspected breaches of this Code as indicated below.

Content last updated: October 2008