Ulster University Standard Cover Sheet




Document Title: IT Monitoring Policy 1.5
Custodian: Deputy Director of Finance and Information Services (Information Services)
Approving Committee: Information Services Directorate (ISD)
Policy approved date: 2015 11 05
Policy effective from date: 2015 11 05
Policy review date: 2016 11 05
Changes to previous version: Page 3 Added The Counter Terrorism and Security Act (2015); Page 5 Updated hyperlink

UNIVERSITY OF ULSTER

Information Technology Monitoring Policy

INTRODUCTION AND BACKGROUND

The University furnishes information and communications equipment, networks, systems and services (Information Technology (IT)) to staff, associates, visitors and students with the express purpose of furthering the University's corporate aims and objectives.

The University is committed to:

- Protecting its employees, students, associates, partners, itself and its investment from consequences of illegal and/or damaging use of such equipment and services;
- Ensuring the use of such equipment and services is compatible with and appropriate to its corporate aims and objectives;
- Actively managing its IT infrastructure to assure:
  o its efficient and effective operation;
  o its confidentiality, integrity and availability;
  o its capacity and performance is fit for purpose;
  o its legal operation.

The University operates its Information and communications equipment, networks and systems (including Telephony) as private systems for the use of its staff, associates, visitors and students. The University has the right, responsibility, and the necessity, to control the operation and use of its IT Systems and will therefore actively conduct monitoring of its Information Technology.

RELEVANT LEGISLATION

The University will comply with all legislation and statutory requirements relevant to information and information systems, including:

- Computer Misuse Act 1990;
- Data Protection Act 1998;
- Communications Act 2003;
- Copyright, Designs and Patents Act 1988;
- Freedom of Information Act 2000;
- Human Rights Act 2000;
- Regulation of Investigatory Powers Act 2000;
- Police and Justice Act 2006;
- The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 ("the Lawful Business Regulations");
- The Counter Terrorism and Security Act (2015);

OTHER RELEVANT POLICIES, GUIDELINES AND CONTRIBUTIONS

JISC Legal Information: E-Security Overview Interception and Monitoring of Communications in FE and HE (2006)

AIMS, PURPOSE AND SCOPE

This policy aims to establish the University's commitment to, responsibilities for, and management framework for the monitoring of its Information Technology holdings (IT). The purpose is to achieve:

- Authorisation for members of staff to conduct monitoring of the University's IT;
- Effective governance and management of the use of the University's IT;
- Effective procedures for the handling of exceptions that are observed during monitoring;
- Communication of the University's responsibilities for and approach to monitoring of its IT;
- Prevention, detection and investigation of un-acceptable use of the University's IT;
- Centralised reporting and collation of incidents and co-ordination of incident management.

The scope of this policy includes all University Information Technology, Communications Equipment (including Telephony equipment), Information Systems and Services. Information Technology is potentially owned and operated by all organisation units (Faculties, Schools, Research Institutes, and Administrative Departments) within the University. The responsibility for ensuring monitoring and reporting for a given IT System lies with the Senior Officer responsible for the department managing the system.

DEFINITIONS

Information Technology Monitoring: The general, operational, management and review of IT Systems usage, behaviour and configuration; recording/logging and review of system and user actions, inspecting and auditing of the data stored, the interception of communications between IT Systems, the investigation and diagnosis of faults or incidents;

Directed investigation: The focussed collection of monitoring data, system and user data or files and/or the interception of specific communications, to investigate and collect evidence in respect of a suspected or alleged IT policy non-compliance.

PROCEDURE

Ultimate responsibility for the execution of this policy rests with the Vice-Chancellor of the University. The Information Services Directorate (ISD) is responsible for the creation and approval of this Policy's Implementation Framework and for oversight of its implementation and performance. The Vice-Chancellor authorises Senior officers of the University and their delegates to conduct IT Monitoring.

This policy will be reviewed annually and updated as necessary to ensure that it remains appropriate in the light of relevant changes to the law, other University policies, or contractual obligations.

IMPLEMENTATION

The Policy will be implemented and supported by the introduction of codes of practice, operational and technical Standards, Procedures, and Guidelines; the Policy Implementation Framework. Specialist advice and where appropriate, training courses or materials relating to monitoring of IT Systems shall be made available to University staff authorised to conduct activities in accordance with this policy. The implementation of this policy shall be reviewed independently of those charged with its implementation.

It is University policy that:

1. Telephone calls may be intercepted or recorded. Telephone traffic may also be monitored by recording any of the following: date, time, duration, source, destination, and cost;
2. Requests for monitoring data from external parties, such as the police or other law enforcement agencies must be submitted in writing for approval to the Deputy Director of Finance and Information Services (Information Services);
3. All monitoring data shall be maintained in compliance with the Data Protection Act;
4. All University Information Technology shall be actively monitored. Risk assessments may be conducted and IT Monitoring activities directed and prioritised appropriately.
5. Directed investigation shall only be conducted on the written authority of the Deputy Director of Finance and Information Services (Information Services). The duration and focus of the investigation shall be limited.

This Standard shall be reviewed annually.

COMPLIANCE

Compliance with this Policy and its relevant Codes of Practice, Standards and Procedures, will be supported by:

- Implementation of appropriate information technologies for the interception, collection and inspection of computer and network data, and computer systems logs and application audit trails;
- Audit of Systems Management and administration activities on University IT Systems to ensure compliance with this and other University Policies;

The results will be subject to scrutiny by the ISD, who will in turn report their findings to senior management.

Any breaches of policy, or deliberate non-compliance with standards and procedures, will be investigated, reported and may lead to disciplinary action. The appropriate disciplinary action will be determined according to circumstance, in conjunction with the HR Department in the case of staff, and in conjunction with the relevant Dean of Faculty in the case of students. ISD will oversee disciplinary actions and report same to senior management.

In the event that an employee or student is aware of a potential breach of this policy, they are encouraged to report their concerns to their manager or Dean. All such information will be treated in confidence.

Where external organisations or individuals are using, or providing service for, the University's IT, they are required to comply with this policy, and the security standards and procedures that underpin it.

OTHER RELEVANT POLICIES

- University of Ulster Data Protection Policy
- University of Ulster Electronic Information Assurance and ISMS Policy