Information & Communication Technology Policies
Browse, search and expand the policies that govern secure, reliable and innovative use of ICT services, infrastructure and data across the University.
Outlines procedures for managing user access to ICT systems, ensuring only authorized individuals can use university resources.
1.1 Access to University ICT services, facilities and infrastructure
Defines criteria and processes for granting access to university ICT resources.
1.2 Account Creation
Details the steps for creating secure user accounts for new employees and students.
1.3 Account Deactivation
Specifies protocols for deactivating accounts upon termination or completion of access need.
1.4 Account Privileges
Describes the assignment and management of user privileges based on roles.
1.5 Account Auditing
Establishes regular audits to ensure account security and compliance.
1.6 Account Security
Provides guidelines for securing user accounts against unauthorized access.
1.7 Administrator Access Requirements
Outlines specific requirements for granting administrator-level access.
1.8 Administrator Account Security
Ensures enhanced security measures for administrator accounts.
1.9 Generic Accounts
Regulates the use and management of generic or shared accounts.
Establishes guidelines for securely transferring data within and outside the university network.
2.1 Initial considerations
Highlights initial steps to assess data transfer risks.
2.2 E-mail
Specifies secure email practices for data transfer.
2.3 Transfer via FTP & Secure FTP
Details usage of FTP and secure FTP for data transfer.
2.4 Removable storage devices (CD, DVD, USB drive & memory stick)
Regulates the use of removable media for data transfer.
2.5 Telephone / mobile phone
Outlines secure use of phones for data exchange.
2.6 Internet based collaborative sites
Governs the use of online collaboration tools for data sharing.
2.7 Sending information by post
Provides guidelines for physical data transfer via mail.
2.8 Posting of sensitive / confidential data
Ensures secure handling of sensitive data in transit.
2.9 Hand delivery / collection
Details procedures for manual data handovers.
Defines standards for creating and managing strong passwords to protect university accounts.
Establishes guidelines for managing relationships with ICT suppliers to ensure security and compliance.
4.1 Identifying and documenting the types of suppliers
Details the process for categorizing suppliers.
4.2 Security Review (Pre-Contract/Agreement)
Requires security assessments before contracts are signed.
4.3 Service Provider Security Review/Data Exchange Agreement
Ensures secure data exchange with service providers.
4.4 Compliance and Certification
Verifies supplier compliance with standards.
4.5 Information Security within Contracts
Incorporates security clauses in supplier contracts.
4.6 Appropriateness of Service Provided
Evaluates the suitability of supplier services.
4.7 Dispute
Outlines dispute resolution procedures with suppliers.
4.8 Security Incident Response
Defines response protocols for security incidents involving suppliers.
4.9 Service Provider Security Review/Data Exchange Agreement
Reiterates secure data exchange agreements.
Regulates access to university networks, hardware, and internet services to prevent unauthorized use.
5.1 Access to networks and network services
Controls access to university network resources.
5.2 Access to Computer Hardware
Manages physical and digital access to hardware.
5.3 Access to Internet
Regulates internet usage policies.
5.4 Access to Social Networking Sites and Chat Sites
Restricts access to social media and chat platforms.
5.5 Access to external Connections (Such as VPN)
Governs the use of VPN and external connections.
Ensures regular backups of critical data to prevent loss and support recovery efforts.
Requires users to keep workspaces free of sensitive materials to enhance security.
Regulates the use of personal devices for university work to ensure security and compliance.
Limits access to sensitive information based on user roles and security levels.
Provides guidelines for the secure use and management of mobile devices on campus.
10.1 Protecting University information and facilities
Ensures mobile devices safeguard university data.
10.2 User Responsibilities
Outlines duties of users regarding mobile device use.
10.3 Data Access and Storage
Regulates how data is accessed and stored on devices.
10.4 Device and physical security
Details security measures for mobile devices.
10.5 When an employee leaves or changes mobile device
Handles device transitions for departing or changing employees.
10.6 Reporting loss or theft
Requires immediate reporting of lost or stolen devices.
Establishes rules for secure and efficient remote working arrangements.
11.1 Authorisation for teleworking
Requires approval for remote work arrangements.
11.2 Provision of teleworking equipment
Details equipment provided for remote work.
11.3 Security of information while teleworking
Ensures data security during remote operations.
Specifies standards for encryption to protect data integrity and confidentiality.
12.1 Encryption Algorithm Requirements
Defines acceptable encryption algorithms.
12.2 General Encryption Principles
Outlines basic encryption practices.
12.3 Email Encryption
Requires encryption for email communications.
12.4 Microsoft Office Documents
Mandates encryption for Office files.
12.5 ZIP Files
Regulates encryption of ZIP archives.
12.6 Other File Types
Covers encryption for various file formats.
12.7 File Shares
Ensures secure file sharing.
12.8 Mobile Device Encryption
Requires encryption on mobile devices.
12.9 Removable Storage
Mandates encryption for removable media.
12.10 DVD/CD-ROM
Regulates encryption for optical media.
12.11 Application Encryption
Ensures encryption within applications.
12.12 Off-Site Storage
Requires encryption for off-site data.
12.13 Password Strength
Defines strong password requirements.
12.14 Digital Certificates
Governs the use of digital certificates.
12.15 Key Management
Outlines procedures for managing encryption keys.
Protects personal data of students, staff, and stakeholders in compliance with privacy laws.
Manages the university’s network to ensure performance, security, and reliability.
14.1 Management of the network
Oversees network operations and maintenance.
14.2 Network design and configuration
Details network architecture and setup.
14.3 Physical security and resilience
Ensures physical protection of network infrastructure.
14.4 Connecting devices to the network
Regulates device connectivity protocols.
14.5 Administration of networked devices
Manages configuration of connected devices.
14.6 Authentication of network users
Ensures user authentication processes.
14.7 Networked device registration
Requires registration of all network devices.
14.8 Hardware and software requirements
Specifies minimum hardware and software standards.
14.9 Network services and protocols
Governs the use of network services.
Regulates the appropriate use of email services for official university communications.
Outlines procedures for the secure disposal of ICT equipment and data.
Provides a framework for auditing university information systems for compliance and efficiency.
17.1 Audit Process
Describes the steps for conducting audits.
17.2 Audit Procedures
Details specific audit methodologies.
17.3 Audit Controls and Management
Outlines controls to manage audit outcomes.
Regulates the procurement and distribution of ICT infrastructure to meet university needs.
18.1 Policy statement
States the purpose of the procurement policy.
18.2 Scope
Defines the coverage of the policy.
18.3 Policy Objectives
Lists the goals of the procurement process.
18.4 Procurement of ICT Equipment
Details the procurement process for equipment.
18.5 Issuance of ICT Equipment
Outlines the distribution of procured equipment.
Classifies university information to determine appropriate handling and protection levels.
19.1 Introduction
Introduces the purpose and scope of classification.
Any user found to have breached this policy shall be subject to MUST disciplinary procedure.
Need More Information
For detailed policy documents, implementation guidelines, or specific questions about ICT policies, contact our ICT department directly.