Managers are expected to familiarise themselves with the contents of the documents listed below, and to act in accordance with these documents. Furthermore, managers are expected to know about their information security role and responsibilities at Aarhus University.
The documents describe minimum requirements and may need to be supplemented by further local requirements and guidelines.
Managers have overall responsibility for information security in their units, and activities include
- local awareness work throughout the year
- ensuring that all users in the unit have received the right information, training, etc.
- ensuring that AU’s ISMS, information security policy and underlying policies, procedures, rules and all other essential information about information security are communicated, implemented and complied with by all users in the unit, without exception
- developing and applying an adapted local ISMS that is complied with and is at maturity level 3
- developing and implementing local policies and procedures