This Policy is applicable to and is to be communicated to staff, students and other organisations or individuals who have access either to University ‘restricted information’ or ‘highly restricted information’ information, or to University computing and network facilities. All staff / employees within the University are required to comply with this Information Security Policy.

The objectives of this Information Security Policy are to:

1. protect against the potential consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information.
2. ensure that all the University’s information assets and computing and network facilities are protected against damage, loss or misuse.
3. ensure that all staff and student members of the University are aware of and comply with EU law (including General Data Protection Regulation) and UK law (including the Data Protection Act 2018) which applies to the processing of information.
4. increase awareness and understanding across the University of the requirements of information security, and the direct responsibilities of users for protecting the confidentiality and integrity of the data which they themselves handle.
5. uphold the privacy principles and rights of the data subjects under data protection legislation.