Information Security Policy of the University of Akureyri

The Information Security Policy of the University of Akureyri is based on the values of the University and has the objective of safeguarding the security of information systems and information that the University is entrusted with, not least the personal data of students and employees. The aim is for systems and information to be available when required, that information is only accessible to those who need it and that it is protected against unwanted alterations. The Information Security Policy shall serve as a guiding principle for how information and information systems can be used to attain success in a secure manner.

Scope

The Information Security Policy of the University of Akureyri extends to the internal operations of the University and all services that UNAK provides to students. The Policy also extends to all members of staff and UNAK’s subsidiary organisations.

Progressive:

  • To use knowledge and technology to attain success as securely as possible
  • That systems and information support innovation for society as a whole
  • That the University’s information systems are progressive in use of new technology and possibilities
  • To be efficient in implementing innovations that help students and staff get results
  • To empower staff and students in how they can safeguard their own information in work and play

Equality:

  • With security as a guiding principle, systems and information shall be accessible to each student or staff member on their terms
  • All students and staff of the University shall have access to the systems and information which are necessary for them to attain success, but security shall always be taken into account
  • That all staff and students have ready access to information, consultation and assistance irrespective of status or circumstances

Independence:

  • Access to systems and information shall support independent thought and provide possibilities for forming new solutions in studies and work
  • That information technology is used to support students and staff in their work
  • That empowerment is used as a guiding principle in choosing solutions for students and staff, but that security is always the focus

Trust:

  • That communication routes are short and work processes clear
  • That security of systems and information is always the best it can be and that special attention is given to safeguarding personal data
  • That security of information on students and staff is always as well protected as possible
  • That information on students and staff is only accessible to those who require the information and that it is protected against unwanted alterations
  • That in assessing increased security requirements and implementation of new solutions, consideration is always given to the needs of students and staff
  • To contribute to access to information with economical and secure backups and that systems and data are accessible when needed
  • To provide necessary instruction to students and staff concerning how they can notify of possible risks and request further information if needed
  • That work is always carried out in accordance with laws, regulations and best practices

Responsibility

Responsibility for the implementation of UNAK’s Information Security Policy is as follows:

  • The Rector of the University is responsible for the Information Security Policy
  • The Rector’s Office and Centre for Teaching and Learning are responsible for implementing the Policy
  • All UNAK employees are responsible for ensuring that the procedure they follow in their work is in accordance with University regulations and the Information Security Policy. All employees are also obligated to notify of security incidents and weaknesses regarding information security

This Policy shall be reviewed as needed, but every two years, at a minimum.

Approved by the University Council of the University of Akureyri on 24 April 2019.