Information security procedures

  • Act number: UFV 2017/93
  • Decision maker: University Director
  • Decision date: 2021-03-29
  • Contact:
  • Processing body: Security and safety division
  • Document type: Procedures

Download

About the document

Table of contents

The purpose of the information security procedures is to form a basis for the information security at Uppsala University, as well as provide an overall description of the security requirements imposed on all information processing at the university, both in normal operations and in case of any form of crisis.  

The procedures are based on the guidelines for security and safety at Uppsala University (UFV 2009/1929) and the Swedish Civil Contingencies Agency’s (MSB) directive on the information security in governmental authorities (MSBFS 2020:6), the directive on security measures in information systems for governmental authorities (MSBFS 2020:7), as well as the directive on reporting IT incidents for governmental authorities (MSBFS 2020:8).

Note that this translation is advisory only. Although all care has been taken to ensure the accuracy of the translation, in case of any conflict between the Swedish version and this version, the Swedish version takes precedence.

Contents

  • Information security policies
  • Organisation of information security
  • Human resource security
  • Asset Management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

Last modified: 2021-04-15