The University of Manchester IT Security Policies

lowlyoutstandingMobile - Wireless

Nov 24, 2013 (3 years and 10 months ago)

100 views

The University of Manchester
Policy Document
Information Handling, Encryption and
Mobile Computing
The University of Manchester
IT Security Policies
Information Handling, Encryption and Mobile Computing
1
Introduction
The information handling policy sets out how digital information should be handled. This

includes confidentiality, integrity and availability and the use of encryption tools for the

protection of sensitive information and communications.
2
Policy Statements
Access to data is controlled, and an inventory of the university’s major information assets and

their owners is maintained by the Records Management Office.
All users of information systems must manage the creation, storage, amendment,

transmission, copying and deletion or destruction of data files in a manner which safeguards

and protects the confidentiality, integrity and availability of such files.
Information must be readily available to authorised users.
Information owners must ensure that appropriate Data Protection and Business Continuity

procedures are in place.
The archiving of digital information must consider legal, regulatory and business

requirements and support the University’s Interim Retention Policy and guidance from the

Records Management Office.
Transmission of data through any channel should be conducted in accordance with the

appropriate technical and procedural measures to ensure the security of the information.
Sensitive information and outputs from systems handling sensitive data must be appropriately

labelled.
Sensitive information should only be stored, transferred or copied when the confidentiality

and integrity of the data can be reasonably assured throughout the process.
Encryption tools should be used, in accordance with guidance, to provide appropriate levels

of protection to sensitive information whilst ensuring compliance with statutory, regulatory

and contractual requirements.
Destruction or disposal of digital storage devices must be in accordance with standards and

guidance specified by the IT Security Coordinator.
27/01/09
Information Handling, Encryption and Mobile Computing
Page
1
of
2
The University of Manchester
Policy Document
Information Handling, Encryption and
Mobile Computing
3
Document Control
Document control box
Policy / Procedure title:
Information Handling, Encryption and Mobile Computing
Date approved:
Approving body:
Risk and Emergency Management Group
Version:
0.7
Supersedes:
Previous review dates:
Next review date:
January 2010
Related Statutes, Ordinances,
General Regulations:
General Regulation XV
Related policies:
Information Security Policy
Interim Information Retention Policy
Related procedures:
(list only if applicable)
Related guidance and or
codes of practice:
User Guide to Data Handling
Information retention Guidance
User Guide to Email
What is Sensitive Data?
User Guide to Encryption
Information Technology disposal and destruction Guidance
http://www.itservices.manchester.ac.uk/securitydocs/


Related information:
UCISA Information Security Toolkit Edition 3.0:
Section G – Information Handling
Section P – Cryptography
Policy owner:
Dr Paul Harness, Head of IT Services
Lead contact:
Tony Arnold, IT Security Coordinator
27/01/09
Information Handling, Encryption and Mobile Computing
Page
2
of
2