Example Local Policies

Like most things in Information Security there is no one-size-fits-all policy that can be applied to every unit within the University. What goes in your own security policy will be determined by your own security requirements and what you actually do. A security policy need not be a lengthy detailed document but it should be accessible to all. For more information revert back to the toolkit however, at a basic level, a security policy should be signed off and supported by your senior management. It should also:

  • Define Information Security in the context of your local unit
  • Set out the scope of the policy
  • Describe your information security requirements
  • Define roles and responsibilities for Information Security
  • State the committement and support of your senior management team meeting your security objectives

What follows below is a list of examples and template policies split into categories to help you decide which may be appropriate for you. Of course you are free to use any you wish and to mix and match as required:

Basic Template

The following template is intended to be a basic starting point that could be applied to most units. It is intentionally a short document designed to state the above points and should be considered the minimum requirement for having a security policy:

Example Unit Policies