A university such as NHL Stenden is one huge information factory. We use countless applications and computer systems that contain sensitive and personal data. What information is available to whom? What can be shared, and what not? To safeguard the security of all our information we established the NHL Stenden information policy.
How to handle information (security) inside NHL Stenden. This was laid down in the following guidelines:
- Individual responsibility
Each NHL Stenden employee and student knows what is expected of them in relation to their active contribution to the security of automated systems and the information stored therein. These expectations are communicated at their appointment, during performance reviews, by means of an institute-wide code of conduct and periodic awareness campaigns, and at other occasions. If necessary, sanctions can be imposed.
- Line management responsibility
Line managers have the prime responsibility for good information security at their school/cluster or staff department. This also includes the selection of additional measures and their implementation and enforcement.
- Ongoing process
Technological and organisational developments inside and outside of NHL Stenden necessitate the need for frequent assessment to see whether security is still safeguarded well. With frequent audits we can check the policy and implemented measures for effectiveness, after which policies can be amended.
As a legal entity, NHL Stenden has ownership of all information produced under its responsibility, except when agreed otherwise in writing, for example in the context of research. Additionally, the institute manages information of which the ownership lies with others (copyright). Employees and students must be properly informed of regulations regarding the (re)use of this information.
Each NHL Stenden employee and student must be aware of the value of information and act accordingly. This value is determined by the damage caused by the loss of availability, integrity, and confidentiality.
- Standard part of project management
For projects such as infrastructural changes or the purchase of new systems, information security is taken into account from the start.
Think before you act
As described above, NHL Stenden has clear rules for information security. Every individual has their own responsibility. Be aware of that, for example when handling personal data. Besides securing information, what is NHL Stenden’s procedure for obtaining useful information? NHL Stenden has implemented information management to this end.