skip to content

IT Help and Support

University Information Services

An information asset is any information that has value to the University, institution or owner.

An information asset owner is a person who is responsible for the use of the information asset and ultimately accountable should it be inappropriately disclosed, corrupted or lost.

UIS and the Information and Cyber Security Team have developed various tools for information asset owners to use to ensure that appropriate security is applied to the information asset, in accordance with the impact to the University, Institution or owner should that information be compromised in some way.

The Information Asset Register (IAR)

According to the data protection policy, all information assets containing personal data should be registered in this register. However, we would recommend that all information of value to the University or Institution should also be registered.

The Information Security Risk Assessment (ISRA)

Once the information assets are registered, or listed, the ISRA 2 form helps the information asset owner (or designee) to consider the threats and risks to the information asset, stepping them through a methodology to assess the risk. During this process, the owner classifies the information asset and recommended storage locations are suggested. Once the full risk assessment process is completed, the owner should find it easier to decide on any further mitigation of the risk required with control selection.

Information classification and handling

This page explains how to use the impact assessment from the ISRA to help classify the data. Once classified, recommendations are given regarding how to handle that data to ensure the appropriate organisational and technical measures are applied. Alternatively, the owner could use the ISRA 2 form and stop after they have completed classification.

Information storage by classification

This page gives a set of tables of recommended and not recommended storage solutions for the data, organised by the level of classification.

UK GDPR systems checklist

This is an online checklist to step the information asset owner through various aspects of the system which holds the information asset with regard to how this system is able to fulfil the requirements of the UK GDPR. This, then, only applies to data which is covered by the UK GDPR, i.e. it includes data about a living person and is not fully anonymised. Fully anonymised data (data where it is impossible to associate a specific living individual to any of that data) is exempt from the UK GDPR.

Minimum security requirements for systems and services

This page explains how the minimum security requirements for systems and services help service owners, project and technical leads implement effective security standards for their services. They are known in UIS) as the security non-functional requirements (NFRs) or the security NFRs.

Further information and tools:

Data Protection Impact Assessment (DPIA)

This form helps the information asset owner assess the impact to the data subjects themselves rather than to the University, insitution or the owner, should the data be compromised in some way. It's available from the Information Compliance Office, which would also be able to help with any queries on how to complete it.

UIS Service Desk

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

University Wireless Service maintenance 7am to 8am on Saturday 3 December

2 December 2022

The University Wireless Service will be undergoing essential maintenance at 7am to 8am on Saturday 3 December while we apply a system software patch. This is an important update to the Wireless Service controllers to improve the service. There will be an interruption to service during this period. Users may be unable to...

Moodle stabilisation

30 November 2022

Moodle, the University’s virtual learning environment, will be moved to a Catalyst-managed Moodle hosting service during December and January. Each migration will result in up to a single day’s downtime for the Moodle being migrated, with users unable to access the Moodle. The Assessment Moodle will be unaffected. The...

DS-Print: Resolved - difficulties purchasing Common Balance credit

22 November 2022

The problem affecting users topping up their Common Balance for DS-Print using eCredit has been fixed by our external payment provider. Affected users should now be able to add credit to their account and no longer receive an error message after submitting their credit/debit card details.