The Information Security Framework Programme is a Cardiff University wide programme with the Director of Student Services and Governance as Sponsor.

The purpose of the three year programme, is to create a framework by which the University can manage significant financial and reputational risks involved in collecting, storing and using personal and other data and to assure external stakeholders that the University can be regarded as secure in relation to the way it manages its information/data.  The programme will look at all aspects of information security, both technological and organisational.

The objective is to create an information security framework which establishes or facilitates:

  • clear lines of responsibility for information security and risk assessment,
  • a University accepted classification of information types and information owners
  • coherent suites of policies, procedures and guidance
  • provision of appropriate technological tools with associated support
  • identification of required training programmes

The programme is overseen by a Steering Group of representatives from Colleges and Professional Support Services, chaired by the Director of Student Services and Governance.

The programme commenced in July 2012 and is currently in the Assessment and Evaluation stage, which culminates in a Risk Treatment Plan and revised Business Case to be submitted in May 2014.  The implementation phase will follow.

Further information about the programme can be found on the Information Security Framework Community: (membership is open to all University Staff)

Follow us on Twitter @CU_InfoSec