Accessibility statement

Information Security – Human Resources Policy

Related pages

This policy explains that all staff must abide by University information policies, undertake compulsory training and maintain their knowledge and skills. Failure to follow information policies may lead to disciplinary proceedings.

It applies to all staff, including those who are provided with access to University information and IT systems via an associate staff account.

Policy

1.1 It is the policy of the University that all staff, whether holding a casual, temporary, fixed-term or open contract, must comply with the Information Security Policy of the University.

1.2 All staff are informed that they are required to abide by the University’s policies relating to data protection and information security when they receive their terms and conditions of employment. By accepting their terms and conditions of employment, an employee makes a formal undertaking to abide by the policies. The undertaking applies both during and after their employment with the University.

1.3 If, after investigation, a member of staff is found to have violated the organisation’s data protection, records management or information security policy, they may be disciplined in line with the University’s disciplinary process.

1.4 Depending on the information security requirements, the University may make additional background checks or conduct additional tests during the recruitment process to assess the suitability of candidates for a role.

1.5 All staff must undertake information security, records management and data protection training during their induction to raise their awareness of the risks and issues associated with handling University information, and the appropriate safeguards. This training will be made available through the University’s Statutory and Compliance training programme.

1.6 All staff will be informed of the need to report information security incidents and data protection breaches quickly and of the appropriate method for doing so. Periodic reminders will be issued to all employees.

1.7 All staff must maintain their knowledge and skills in relation to information security throughout their employment at the University, undertaking training as required.

1.8 At the request of the Director of Human Resources (or equivalent senior manager), access to information or IT systems may be removed.

1.9 Any staff member who leaves the organisation will have their access privileges terminated in line with the Managing User Access Policy.

1.10 On leaving the University, a staff member must return all information assets and equipment belonging to the University.