This is a statement of the ways in which the University will meet obligations to manage the personal data of those with whom it comes into contact within the framework of the Data Protection Act.
Freedom of Information
The policy of the organisation relating to compliance with the Freedom of Information Act 2000 and the requirements to provide a Publication Scheme and to process requests made within the terms of the Act.
Principal Information Technology Security Policy
The Principal Information Technology Security Policy sets out De Montfort University’s definition of, commitment to, and requirements for Information Technology and Security. It specifies regulations to be implemented to secure information and technology that the University manages and to protect against the consequences of breaches of confidentiality, failures of integrity and interruption to availability.
Outsourcing and Third Party Access Policy
The purpose of the Outsourcing and Third Party Access Policy is to set out the conditions that are required to maintain the security of the University’s information and IT systems when third parties, other than the University’s own staff or students, are involved in their operation.
Information Handling Policy
The purpose of the Information Handling Policy sets out De Montfort University’s definition of, commitment to, and requirements for Information Handling. It sets out the need to define classes of information handled by the organisation and the requirements for the storage, transmission, processing and disposal of each.
User Management Policy
The purpose of the User Management Policy governs the creation, management and deletion of user accounts. It also sets out the principles for the granting and revocation of privileges associated with user accounts.
Use of Computers Policy
The purpose of the Use of Computers Policy is to define the acceptable actions of any individual who interacts with DMU information systems.
System Planning and Management Policy
The purpose of the System Planning and Management Policy is to define how University information systems are specified, designed and managed. It includes processes for identifying requirements and risks, and designing appropriately configured systems to meet them.
Network Management Policy
The purpose of the Network Management Policy is to define how the University networks are designed and how systems are connected to them. It includes appropriate technical and procedural controls to reduce risk and meet the requirements of the Information Handling Policy.
Software Management Policy
The Software Management Policy sets out how the software which runs on the University’s IT systems is managed. It includes controls on the installation, maintenance and use of software, with appropriate procedures for upgrades to minimise the risk to information and information systems.
Mobile Computing Policy
The purpose of the Mobile Computing Policy is to maintain the security of the University’s information assets when they are used from mobile devices (such as PDA’s, mobile phones, laptops, tablets etc.); these devices need not be owned by the University but are being used to access its information systems.