Information Security - Policy 000813

Date of Commencement: Monday, 23rd April 2007

1. Introduction

The University of Newcastle routinely gathers, stores, maintains, processes, transmits and disposes of records containing information. That information plays a vital role in supporting the University’s business processes and customer services, in contributing to operational and strategic business decisions, and in conforming to legal and statutory requirements. Accordingly, information must be protected to a level commensurate with its value to the organisation, while being made available to those who need it.

 

This policy supports the University’s legal obligation to ensure that private information is managed in accordance with the principles outlined in the Privacy and Personal Information Protection Act 1998 No 133, the Health Records and Information Privacy Act 2002, the Protected Disclosures Act 1994, the State Records Act 1998 and the University’s Privacy Management Plan. The provisions of these Acts must be taken into account when applying this policy.

 

This policy applies to:

 

 

 

 

2. Policy Intent

To provide definitive instruction on the safeguarding of personal and proprietary information and thereby protect the University from the adverse impact on its reputation and operations of failures of confidentiality, integrity and availability.

 

This policy endorses the University’s Information Security Management System (ISMS).

 

 

3. Relevant Definitions

In this policy:

 

availability means the capacity of information systems (i) to be accessible and useable when required, and (ii) to be able to resist attacks and recover from failures;

 

confidentiality means the principle of protecting information and preventing its disclosure to anybody other than those who have a right and need to know;

 

information security management system (ISMS) means a systematic approach to managing sensitive organisational information so that it remains secure;

 

information system means any University of Newcastle corporate telecommunications and/or computer related equipment or interconnected system or subsystem of equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of voice and/or data.

 

integrity means a standard of performance that guarantees information is created, amended or deleted only by the intended authorised means.

 

 

4. Policy

1. Information is an asset of the University.

2. Information used to support the University’s operations will be securely stored.

3. Information will be used in a manner which protects the integrity of the data and the privacy of those associated with it.

4. Confidential, sensitive and proprietary information will be protected from corruption, loss, unauthorised access and disclosure.

5. The University of Newcastle will co-ordinate the development of guidelines and procedures for the implementation of this policy that:

· ensure the availability of appropriate information and services to its staff and students, customers and business partners;

· minimise the possibility of a threat to information security causing loss or damage to the University of Newcastle, its staff and students, its customers and business partners;

· minimise the extent of loss or damage from a security breach or exposure;

· ensure that adequate resources are applied to implement an effective information security program.

6. All University of Newcastle staff and students, business partners and government agencies who have access to the University of Newcastle’s information systems will be informed of their responsibilities and obligations with respect to security.

7. The principles of information security will be consistently and effectively applied during the planning and development of University activities.

8. Compliance with this policy will be monitored on a regular basis.

 

  

5. Essential Supporting Documents

 

Information Security Classification Policy

Information Security Roles and Responsibilities Policy

Network Security Policy

University of Newcastle Computing and Communications Facilities Conditions of Use

Records Management Policy

University of Newcastle Privacy Management Plan

 

6. Related Documents

 

AS/NZS 7799.2:2003: Information Security Management - Specification for Information Security Management Systems

 

Information Security Guideline for NSW Government – Part 1 Information Security Risk Management

 

Privacy and Personal Information Protection Act 1998 No 133

Health Records and Information Privacy Act 2002

State Records Act 1998

Australian Copyright Act 1968

Copyright Amendment (Digital Agenda) Act 2000

Protected Disclosures Act 1994

NSW State Records Authority Standard on Counter Disaster Strategies for Records and Recordkeeping systems (No. 6)

NSW State Records Authority Standard on Managing a Records Management Program (No. 8)

NSW State Records Authority Standard on Physical Storage of State Records (No. 3)

 

Approval Authority: Vice-Chancellor
Date Approved: Monday, 23rd April 2007
Date For Review: Friday, 23rd April 2010
Policy Contact Position:
Amendment History: