skip to content

IT Help and Support

University Information Services

An information asset is any information or data that has value to the University, institution or owner.

An information asset owner is a person who is responsible for the use of the information asset and ultimately accountable should it be inappropriately disclosed, corrupted or lost.

UIS and the Information and Cyber Security Team have developed various tools for information asset owners to use to ensure that appropriate security is applied to the information asset, in accordance with the impact to the University, Institution or owner should that information be compromised in some way.

The Information Asset Register (IAR)

According to the data protection policy, all information assets containing personal data should be registered in this register. However, we would recommend that all information of value to the University or Institution is registered.

The Information Security Risk Assessment (ISRA)

Once the information assets are registered, or listed, the ISRA 2 form helps the information asset owner (or designee) consider the threats and risks to the information asset, stepping them through a simple methodology to assess the risk. During this process, the owner classifies the information asset and recommended storage locations are suggested. Once the full risk assessment process is completed, the owner should find it easier to decide on the appropriate security controls to implement in order to reduce the risk to an acceptable level.

Information classification and handling

This page explains who should classify the information asset, how to do it and then where to store it based on the classification. 

Information storage by classification

This page gives a set of tables of recommended and not recommended storage solutions for the data, organised by the level of classification.

UK GDPR systems checklist

This is an online checklist to step the information asset owner through various aspects of the system which holds the information asset with regard to how this system is able to fulfil the requirements of the UK GDPR. This, then, only applies to data which is covered by the UK GDPR, i.e. it includes data about a living person and is not fully anonymised. Fully anonymised data (data where it is impossible to associate a specific living individual to any of that data) is exempt from the UK GDPR.

Minimum security requirements for systems and services

This page explains how the minimum security requirements for systems and services help service owners, project and technical leads implement effective security standards for their services. They are known in UIS) as the security non-functional requirements (NFRs) or the security NFRs.

Further information and tools:

Data protection impact assessment (DPIA)

This form helps the information asset owner assess the impact to the data subjects themselves rather than to the University, insitution or the owner, should the data be compromised in some way. It's available from the Information Compliance Office, which would also be able to help with any queries on how to complete it.

UIS Service Desk

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

You can read previous editions of bITe-size.

Latest news

Delivering network connectivity for the Cambridge Half Marathon

9 March 2023

Richard Davies from the Granta Backbone Network (GBN) team and Craig Faux from the Networks team, worked together to help deliver network connectivity for the Cambridge Half Marathon that took place this past weekend. The University has been assisting the Council with delivering network connectivity for the Cambridge Half...

Changes to Google Workspace accounts from March

23 February 2023

15 February 2023 We are preparing to delete UIS managed Google Workspace accounts for users that have left the University to maintain system performance and security and reclaim file space ahead of Google introducing file space quotas. When a user leaves the University, their account is flagged as cancelled in Lookup and...

Wireless Service maintenance in March and April 2023

21 February 2023

We’ll be carrying out essential maintenance on the University Wireless Service in March and April 2023 to pave the way for its continued growth. Three phases of work in March and April 1. Tuesday 21 March, 8:00 to 9:00 You might experience interruptions to the UniOfCam-IoT service during the maintenance period. You might...