Information Governance and Security Policies

The University's Information Governance and Security policies consist of a number of documents which must be followed to protect all information the University holds, as well as our IT systems.

Overarching statement

Overarching Information Governance and Security policy- the top-level Information Governance and Security Policy document for the University gives guidance on everyone’s roles and responsibilities.

Subsidiary policies and standards

Good Information Governance protects University information and allows us to use information in secure, efficient and legally compliant processes. The following policies should be applied to all information and not just personal data.

Information Classification Policy (PDF)

Records Management Policy (PDF)

Information Retention Policy (PDF)

Information Sharing Policy (PDF)

Privacy and Personal Data Protection Policy (PDF) ensures all use of personal data across the University protects individual’s privacy, takes into account legal requirements and is compliant with the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Data Breach Policy (PDF)

Data Subject Request Procedure (PDF)

Data Protection Impact Assessment Policy (PDF)

Data Protection Impact Assessment Guidance (PDF)

Data Protection Impact Assessment Report Template (docx)

Data Protection Impact Assessment and Risk Register Form (xlsx)

Web content guidelines

Regulations relating to the use of information technology facilities provide the detail for anyone that has any access to University computing, telecommunications or networking systems and services provided by, or accessed via, the University of Exeter. This is supported by the following Information Security policies that sets out the responsibilities for all users, including users of privately owned devices.

Information Security Controls Policy (PDF)

Bring Your Own Device Policy (PDF)

Information Security for Portable and Removable Media Devices Policy (PDF)

Laptop and Workstation Build Policy (PDF)

Patch Management Policy‌ (PDF)

Anti-malware Policy(PDF)

Remote Access Policy (PDF)

Password Policy (PDF)

User Managment Policy (PDF)

Boundary Firewall Rules Policy (PDF)

Cloud Security Standards and Guidelines (PDF)

Code of Conduct for access to restricted materials provides the steps that staff and students must take before undertaking any teaching or research that may involve sensitive information, such as terrorism material and requires the completion of the:

Janet Acceptable Use Policy

eduroam(UK) Policy