IT Security comprises three main elements: confidentiality, integrity and availability. Confidentiality is what many people think of first in the context of information security and is about ensuring information is accessible only to those that have a right to it. Integrity is about protecting information from unauthorised or accidental change. Availability addresses the issue of ensuring information is available when required to those that have a right to it.
A robust information security management system, made up of policies and procedures, assists the College in complying with statutory obligations such as the Data Protection Act. It also helps to ensure that the information that the university owns is handled properly and stored securely. For the School of Medicine and Dentistry (SMD), it helps to ensure that the university complies with the requirements of the Medicines and Healthcare Products Regulatory Agency (MHRA) in relation to data held on patients and trial subjects.
The University Information Security Policies can be found in the IT Policy section.
Security for Suppliers
Where it is necessary for a supplier of goods or services to have access to Queen Mary information systems, the supplier is required to abide by the Queen Mary Information Security Policies. The supplier must download the Queen Mary Information Security Policies document and return a signed copy to the procuring officer.
Suppliers having access to information held in Queen Mary systems are required to sign a confidentiality agreement. The supplier must download the Queen Mary Confidentiality Agreement document and return a signed copy to the procuring officer.
See DG03 Confidentiality agreements below for more details.
Cyber Security Awareness Module
A Cyber Security Awareness module is available for colleagues to self-enrol for in QMplus uysing the link below:
- The URL to the course: https://qmplus.qmul.ac.uk/course/view.php?id=8305
All university staff have a responsibility to ensure that information that they hold and use is handled appropriately. This course is designed to help staff have a better appreciation of the importance of information security. The training has been created by a consortium of universities specifically to address the need for Cyber Security Awareness training in the higher education sector.
The course is available on QMplus and should take about an hour to complete. There is a short test at the end of the course. If you do not succeed in achieving the pass mark the system will only retest on topics where the pass mark was not achieved.
Please email firstname.lastname@example.org if you cannot access to the training.