Information Governance and Security Policies

The University's Information Governance and Security policies consist of a number of documents which must be followed to protect all information the University holds, as well as our IT systems.

More details, forms and supporting documents can be found on our SharePoint site.

Overarching statement

Overarching Information Governance and Security policy - the top-level Information Governance and Security Policy document for the University gives guidance on everyone’s roles and responsibilities.

Subsidiary policies and standards

Good Information Governance protects University information and allows us to use information in secure, efficient and legally compliant processes. The following policies should be applied to all information and not just personal data.

Regulations relating to the use of information technology facilities provide the detail for anyone that has any access to University computing, telecommunications or networking systems and services provided by, or accessed via, the University of Exeter. This is supported by the following Information Security policies that sets out the responsibilities for all users, including users of privately owned devices.

Information Security Controls Policy (PDF)

Bring Your Own Device Policy (PDF)

Information Security for Portable and Removable Media Devices Policy (PDF)

Laptop and Workstation Build Policy (PDF)

  • Encryption for laptops and other portable devices
  • TrueCrypt installation and deployment
  • Recommended encrypted USB memory sticks and external hard drives

Patch Management Policy‌ (PDF)

Anti-malware Policy(PDF)

Remote Access Policy (PDF)

Password Policy (PDF)

User Managment Policy (PDF)

Boundary Firewall Rules Policy (PDF)

Cloud Security Standards and Guidelines (PDF)

Code of Conduct for access to restricted materials provides the steps that staff and students must take before undertaking any teaching or research that may involve sensitive information, such as terrorism material and requires the completion of the:

Janet Acceptable Use Policy

eduroam(UK) Policy