Information Governance and Security Policies
The University's Information Governance and Security policies consist of a number of documents which must be followed to protect all information the University holds, as well as our IT systems.
More details, forms and supporting documents can be found on our SharePoint site.
Overarching Information Governance and Security policy - the top-level Information Governance and Security Policy document for the University gives guidance on everyone’s roles and responsibilities.
Subsidiary policies and standards
Good Information Governance protects University information and allows us to use information in secure, efficient and legally compliant processes. The following policies should be applied to all information and not just personal data.
Privacy and Personal Data Protection Policy (PDF) ensures all use of personal data across the University protects individual’s privacy, takes into account legal requirements and is compliant with the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
Data Breach Policy (PDF)
- Report a Data Breach/Incident
- Data Breach Procedure (PDF)
- Data Breach Reporting form (docx)
- Guidance for response to an email sent to the wrong recipient (PDF)
- Equipment disposal
Regulations relating to the use of information technology facilities provide the detail for anyone that has any access to University computing, telecommunications or networking systems and services provided by, or accessed via, the University of Exeter. This is supported by the following Information Security policies that sets out the responsibilities for all users, including users of privately owned devices.
- Encryption for laptops and other portable devices
- TrueCrypt installation and deployment
- Recommended encrypted USB memory sticks and external hard drives
Patch Management Policy (PDF)
Remote Access Policy (PDF)
Password Policy (PDF)
User Managment Policy (PDF)
Code of Conduct for access to restricted materials provides the steps that staff and students must take before undertaking any teaching or research that may involve sensitive information, such as terrorism material and requires the completion of the: