Information security

Data Protection

One of the principles behind the GDPR is Lawfulness, Fairness and Transparency. In order to meet our responsibilities we want to be transparent in our processing of your personal data and to tell you about the different ways in which we collect and use your personal data. DMU will process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.  View the current version of our Privacy Notice. We may update our Privacy Notice at any time and we encourage you to check back regularly to review any changes.

Freedom of Information

The policy of the organisation relating to compliance with the Freedom of Information Act 2000 and the requirements to provide a Publication Scheme (.xls) and to process requests made within the terms of the Act.

Principal Information Security Policy

The Principal Information Security Policy sets out De Montfort University’s definition of, commitment to, and requirements for Information Technology and Security. It specifies regulations to be implemented to secure information and technology that the University manages and to protect against the consequences of breaches of confidentiality, failures of integrity and interruption to availability.

Outsourcing and Third Party Access Policy

The purpose of the Outsourcing and Third Party Access Policy is to set out the conditions that are required to maintain the security of the University’s information and IT systems when third parties, other than the University’s own staff or students, are involved in their operation.

Information Handling Policy

The purpose of the Information Handling Policy sets out De Montfort University’s definition of, commitment to, and requirements for Information Handling. It sets out the need to define classes of information handled by the organisation and the requirements for the storage, transmission, processing and disposal of each.

User Management Policy

The purpose of the User Management Policy governs the creation, management and deletion of user accounts. It also sets out the principles for the granting and revocation of privileges associated with user accounts.

Use of Information Systems Policy

The Use of Information Systems Policy defines acceptable and unacceptable use of the university’s information systems. The policy applies to any individual who either actively or passively, makes decisions which in turn causes some computation to be performed on DMU systems.

System Planning and Management Policy

The purpose of the System Planning and Management Policy is to define how University information systems are specified, designed and managed. It includes processes for identifying requirements and risks, and designing appropriately configured systems to meet them.

Network Management Policy

The purpose of the Network Management Policy is to define how the University networks are designed and how systems are connected to them. It includes appropriate technical and procedural controls to reduce risk and meet the requirements of the Information Handling Policy.

Software Management Policy

The Software Management Policy sets out how the software which runs on the University’s IT systems is managed. It includes controls on the installation, maintenance and use of software, with appropriate procedures for upgrades to minimise the risk to information and information systems.

Mobile Computing Policy

The purpose of the Mobile Computing Policy is to maintain the security of the University’s information assets when they are used from mobile devices (such as PDA’s, mobile phones, laptops, tablets etc.); these devices need not be owned by the University but are being used to access its information systems.

Encryption Policy

The De Montfort University Encryption Policy states the appropriate measures to be taken to ensure that all confidential, personal or sensitive personal electronic data is stored and transmitted in a secure manner relevant to the type of data and the system it is held on. This policy outlines the standards which must be adhered to for the storage of such data on systems or devices not already on university secure storage and the transmission of data between systems or devices.

Social Media

Read the DMU Social Media Community Guidelines.

information-security-policy-img