Information Governance

Information Governance Policies at Loughborough University

 

The aim of the Information Governance microsite is to provide staff and research students with the resources and support required to confidently manage and store the information that we work with as part of our day to day roles and responsibilities. 

More info...

The microsite currently hosts a comprehensive set of Information Security sub-policies (approved by Council in June 2016), which provide a framework for handling data in a manner that is legally compliant and also ensures that the sensitive data of our students, colleagues and partners is secure.

To complement the policies, a host of ‘How To…’ guides and information documents will be developed which will provide colleagues with the tools to work with data safely. These will be added to the site over the coming months. Further to this, we will add other relevant policies (Data Protection, Freedom of Information etc.), thus ensuring that this microsite becomes the ‘first port of call’ that will enable users to gain a good understanding of a wide range of information governance issues.        

In addition to the Information Security sub-policies; all staff and research students are required to complete the mandatory Information Security training. This was launched in February 2016.

If you have any questions or comments related to the resources found in this microsite, please send them in the first instance to Infogov@lboro.ac.uk  

How do I know if it is OK to share information?

Firstly, you need to understand which information category the information you want to share falls into. The Information Categories and Controls Policy will help you to do this, and will explain what measures you should take to ensure that your information is shared appropriately.

If you are planning on sharing ‘Confidential’ information you will almost certainly need to seek further advice from IT Services to ensure that the information will be kept in a safe and secure environment once the data transaction has taken place.

You may also need to seek advice to ensure that any necessary sharing agreements have been put in place to ensure that the University is complying with all relevant legislation.

Is it OK to view University information using my own device (e.g. mobile phone or tablet)?

The University recognises the benefits that using personally owned devices can provide, and understands that we all work more flexibly than ever before. However, it is very important that you read the Mobile Working Policy to ensure you are using your device safely and not putting University information at risk.

The Policy lists a number of measures that you must put in place when setting up your device to access University information, and highlights good working practises that you should be mindful of when doing so.

Remember, that when you open an attachment on a personally owned device, you have created a local copy of it, and must be handled and stored as per the Information Classification and Controls Policy.

What should I do if I become concerned that information is not being handled appropriately?

If you become aware that University information has not been handled correctly or that a data breach has occurred, then you should notify your Line Manager immediately. Depending on the type of information incident, or breach, it may be necessary for your Line Manager to inform either IT Services or Information Security staff. The Management of Information Security Incidents and Review of Policies document provides further information on this.

It is important to note that in the vast majority of cases, data incidents and beaches occur as a result of an accident or due to a lack of knowledge. The University’s main concern in such instances is to minimise the risk to any data, and then following that, identify any process improvements that can be put in place to reduce the likelihood of it happening again.