Q. How does the University risk assess ICT systems that process information?

A. The University periodically commissions penetration tests of critical IT services by CREST-approved vendors. It also commissions such tests on newly provisioned services prior to launch, if deemed appropriate by a risk analysis. The outputs of this process may be made available on request.

A. The University subscribes to the principles of ISO27001 and carries out information security risk assessments on its information assets in order to determine suitable controls.

E. http://sites.cardiff.ac.uk/isf/policies/information-security-specification-systems-level-policy/

E. http://sites.cardiff.ac.uk/isf/policies/information-security-policy/