Increasingly we are seeing research applications include sections devoted to how the successful bidder manages information security.

Some of the common questions are listed below. It is also worth visiting the Policies tab for access to the information security related policies.

For each question a typical answer (A.) is provided. Evidence (E.) that can be provided in support of the answer is provided in the form of links to policies or other resources.

• Q. Describe the backup regime and processes that will be applied to information?

• Q. Does the University have an Acceptable Use policy?

• Q. How does the University approach business continuity and disaster recovery for all locations where research information is kept.

• Q. How does the University defend itself against viruses and malware?

• Q. How does the University ensure all staff are trained in information security?

• Q. How does the University ensure baseline controls are applied to their staff?

• Q. How does the University ensure that access to networks, which hold research information are protected from unauthorised access?

• Q. How does the University ensure that ICT equipment which holds research information is erased in a way that makes the information unrecoverable?

• Q. How does the University manage information security incidents?

• Q. How does the University risk assess ICT systems that process information?

For further advice and assistance in completing these information security questionnaires please contact

Matt Cooper, Information Rights Manager (Cooperm1@cardiff.ac.uk) or tel: 029 208 75466

Department of Strategic Planning and Governance

Friary House, 2nd Floor

Greyfriars Road

Cardiff, CF10 3AE

Email:  isf@cardiff.ac.uk

You may also wish to refer to the Data Protection Advice for Researchers on the Governance web pages.

Follow us on Twitter @CU_InfoSec [social_media size=”medium” services=”twitter”]