Goodenough College (“College”) has adopted the following Information Security Policy (“Policy”) as a measure to protect the security, integrity and availability of the College’s data as well as any Information Systems, computers, tablets, servers or network equipment that stores, processes or transmits that data.
Any Information System that stores, processes or transmits data belonging to either the Staff or Members of Goodenough College or to the College itself shall utilise sufficient data security and integrity measures. What constitutes sufficient date security and integrity measures is defined by the IT Department Staff and is redefined as an when appropriate.
Staff that are authorised to access College data shall provide adequate data security and integrity measures when accessing College data externally. The IT Department provides secure remote access facilities but responsibility for the device that is being used to connect to the College remains with the User.
All College data shall be protected in a manner that is reasonable and appropriate for that data. All servers containing College data are backed up each evening on working days and any College data stored on servers that are on located within the College is backed up by the organisations that provide the service.
College data must not be transferred onto insecure (and easy to lose) USB memory sticks. If data needs to be transported to another location and a USB memory stick appears to be the only viable method, the user shall contact the IT Department in order to either find an alternative method or to encrypt the data on the USB memory stick.