Information Security

Information Security

The integrity & confidentiality principle

The University is committed to protecting the integrity, confidentiality and availability of its information. Please refer to the University's Information Risk Classifications for guidance on how to classify and protect information based on its risk category.

Article 5(1)(f) of the GDPR requires that personal data is processed in a manner that ensures appropriate security of that data, including:

  • protection against unauthorised or unlawful processing
  • protection against accidental loss, destruction or damage
  • use of appropriate technical or organisational measures, such as:
    • pseudonymisation and encryption of personal data,
    • ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services,
    • restoring the availability and access to personal data in a timely manner in the event of a physical or technical incident,
    • regularly testing and evaluating the effectiveness of all technical and organisational safeguards

For further guidance and information on the University's security policies, please see the IT Services Information Security policies and procedures.