The University has completed a major revision of its Information Security Policy in order to ensure that it is able to meet increasingly stringent requirements for protecting information and to give assurance to staff, students, and others about whom we hold personal data, that their information is being held securely and processed in appropriately.
It is essential that everyone understands and complies with the policy and its attendant security standards. Recent reports in the media have highlighted cases where organisations have failed to meet these requirements, resulting in heavy fines of £150,000 and more from the Information Commissioner. But any financial penalties are likely to be relatively minor compared with the resulting loss of reputation. For a university, failure to manage information properly could be hugely damaging.
We all have a responsibility to ensure that the information the University holds and uses is handled securely and appropriately. However, making staff aware of University Information Security policies and what they mean for them is a challenge.
Information Security Awareness Training is available in Canvas. Go to birmingham.instructure.com/enroll/C3TDFL to enrol and input your your user id (not email address) and password.
All staff and many students are required to take this course annually. This is a requirement imposed by several outside bodies including the NHS, Department for Education and Research Councils.