Information security

Information audit

Information audit helps to identify the information held by the University and assess how it is managed and shared.

The audit process provides recognition and understanding of how the University operates in relation to administrative, legislative and regulatory requirements.

It identifies strengths and weaknesses in the management of records and information. It highlights any actions required to make sure information is managed and used appropriately.

The University works with external and internal auditors who carry out regular reviews of our activities. Recent internal audit topics include IT business continuity and Information Strategy.

The audit reports provide a detailed description of the auditors' findings, including good practice, risks and associated actions.

The actions are regularly reviewed to ensure they are being completed.

Audit in the University is overseen by the University Audit Committee.

Business continuity management

Business continuity management (BCM) is important for any large organisation.

It is the process of assessing potential risks and developing strategies and procedures to deal with them. This means that the University's core activities and functions can recover as quickly as possible.

Serious incidents are rare, but they do happen. UK universities have experienced disruption due to fires, floods, IT failure and severe weather.

The University BCM plan:

• University policy and management procedure: Business continuity

The Business Continuity Working Group is currently developing the University’s response to disruptive incidents.

IT Services is working to create a more robust infrastructure. It is also developing a more formal approach to managing incidents which affect its services.