Information Security Policy

The University's Information Security Policy consists of a number of documents which must be followed to protect all information the University holds, as well as our IT systems. Please be aware that all these policies are currently under review and will be updated, with additional guidance and top tips on how to implement them.

Overarching statement

The Overarching Information Security Policy is the top-level Information Security Policy document for the University.

Subsidiary Information Security policies and standards

These documents specify what is and is not allowed:

The Anti-malware Policy sets out the responsibilities for all users, including users of privately owned devices, in relation to malicious software to ensure IT systems and other facilities are secure and available.

The Information Classification Policy helps staff and students determine the classification and how to handle information and is supported by the Information Handling Guidelines

Policy for Information Security on laptops and portable media

Regulations relating to the use of information technology facilities provide the detail for anyone that has any access to University computing, telecommunications or networking systems and services provided by, or accessed via, the University of Exeter.

Data Protection Policy ensures all use of personal data across the University takes into account legal requirements and is compliant with the Data Protection Act 1998.

Records Management Policy acts as a framework to support the management of records across the University and includes the University Records Retention Schedule.

Terrorism Code of Conduct notification form provides the steps that staff and students must take before undertaking any teaching or research that may involve terrorist material. 

The Terrorism Code of Conduct Notification Form is available Terrorism Code of Conduct notification form.

Janet Acceptable Use Policy

eduroam(UK) Policy

Documents relating to the Information Security policies

Setting up VPN

Encryption for laptops and other portable devices

TrueCrypt installation and deployment

Recommended encrypted USB memory sticks and external hard drives

Encryption of files and folders

Web content guidelines

Other documents

Terms and conditions of use for blog and wiki administrators and moderators

Equipment disposal