Need help?
We don't expect you to know the details of every policy and how they're applied in all situations.
If you're unsure, ask for help.
This website aims to help you understand Information Policy and how it relates to your work. It also helps to ensure that we don't break the law.
We are all responsible for handling information correctly.
We also need to be aware of the requirements of people or organisations who share our information, eg research funders and the NHS.
Five steps to understanding Information Policy and how it applies to you
1. Understand why we need Information Policy
2. Understand what Information Policy covers
3. Understand the University regulations for use of computing facilities and information
Confidentiality | Only people with a valid and authorised reason to access confidential information should be able to do so. |
---|---|
Data integrity | Unauthorised individuals or processes must not be able to alter or delete information. |
Availability | Information is actively maintained and can be accessed when it is required. |
Responsible use | Information must be used appropriately. |
All information |
Information in any format that the University owns or is handling for another organisation. It includes emails, administrative information, student and staff records, financial information, teaching and learning materials, research data, strategic planning information, contracts, meeting papers and minutes. |
---|---|
All information systems (manual or electronic) |
|
All devices |
Any device that is used to access, manipulate or store University information (eg desktop machines, laptops, tablets, phones). It includes devices that are:
|
All individuals |
Staff, students, associates and anyone else who may access, use or manage University information (eg visitors, contractors, partners, third parties). |
Regulation 11 applies to everyone - all staff, students, associates, and anyone else who uses University IT facilities and information.
It sets out the main rules for using University information and IT facilities and the consequences of not doing so.
Everyone who has a University username and password agrees to abide by the Regulation when their account is created.
Think of the Regulation as being the 'top document' in the hierarchy from which all other Information Policy follows.
Remember that the Regulation applies to electronic information as well as computing facilities.
You should also be aware of other legal and licence requirements:
This is the foundation for all information policies.
The scheme provides colour coded guidance on classifying information (eg confidential, public), and how to manage the different levels of security required.
It covers all information held by the University, in any format (physical and electronic).
The summaries are organised by theme to help you identify which policies you need to understand.
Some policies apply to some of you more than others, depending on your role and the type of information that you handle.
Information security
- Information Security Policy
- IT security
- Information audit
- Business continuity management
Records management
- Records management policy
- Retention and disposal
- Draft retention schedules
- Research data management
- Policy on the Publication of Research
- University archive
Information rights
- Data protection
- Freedom of information
- Copyright
- Intellectual property
- Access to personal records
Ethics and integrity
- Code of practice on research integrity
- Code of practice for good ethical governance
- Professional codes of conduct
We've also provided guidance organised by status at the University, eg researcher, undergraduate, academic: