Responsibilities and obligations around IT and data security

The University has a set of IT Regulations which, as a member of staff, you have a responsibility to follow. Some are legal obligations, some protect you and other people and some are to safeguard the reputation of the University.

You should make sure that you are aware of the main points of the regulations because failure to comply could have serious implications for you and the University.

UCISA (Universities and Colleges Information Systems Association) has produced a brief summary of its model regulations on which the text below is based.  This should help you remember the main points but you need to read and be familiar with the full IT Regulations document.

 

Governance – Don’t break the law, do abide by the University’s regulations and policies, and do observe the regulations of any third parties whose facilities you access

Identity – Don’t allow anyone else to use your IT credentials, don’t disguise your online identity and don’t attempt to obtain or use anyone else’s

Infrastructure – Don’t put IT facilities at risk by introducing malware, interfering with hardware or loading unauthorised software. Contact IT Help (ext 3333) if software/hardware is damaged or missing

Information – Safeguard personal data, respect other people’s information and don’t abuse copyright material. Ensure that access to systems and data is updated or removed when users change role or leave. Data regarding individuals must be encrypted when held on mobile, portable or home devices, or on cloud storage. Report IT security breaches and risks to IT Help (ext 3333)

Behaviour – Don’t waste or misuse IT resources, interfere with others’ legitimate use or behave towards others in a way that would not be acceptable face to face.