Digitisation helps us to work faster, more reliably and more efficiently. In order to protect our information properly and keep risks manageable, a solid foundation in the field of information security is essential. The Strategic Information Security Policy describes the strategic ambitions and responsibilities for the coming years. Below are the ambitions and principles established by the Executive Board.
Ambitions
Radboud University:
- Implements risk-based information security with appropriate measures, tailored to its social role, functionality, ease of use, safety, costs and privacy.
- Provides insight into the level of security and makes adjustments where necessary through a continuous improvement cycle.
- Has insight into the authorised use of (IT) facilities and can detect unauthorised use.
- Is resilient and prepared for security incidents.
- Complies with relevant laws and regulations and is efficient and effective in control.
Principles
- Information security is risk-based.
- Information security is everyone's responsibility.
- Information security is a continuous process.
- Information security applies to all business processes, all information and all processing operations at Radboud University, as well as to all systems that facilitate this.
- Information security is an integral part of projects or changes relating to information, processes and IT facilities from the outset (Security by Design).
- Users are only granted authorised access to necessary information and IT (Security by Default).