Information security policies

While information security covers many aspects, essentially it’s about protecting information.

Aarhus University has an overall information security policy which sets out the guidelines we need to follow and the actions we need to take to ensure information security here at the university.

To supplement the information security policy, fourteen sub-policies for information security have been drafted (A.5 - A.18) in addition to policies for specific areas which set out guidelines for how staff must process, protect and store information in order to ensure that the security level and security measures are appropriate to the classification of data and the need for information security.

Who do these policies apply to?

Anyone at Aarhus University who works with information (regardless of form: written/electronic) in a conversation, in teaching, in the context of work, research or on the go is responsible for protecting any information of a confidential or sensitive nature.

Aarhus University’s information security policy applies to everyone with an affiliation with the university.

The fourteen sub-policies for information security (A.5-A.18) apply primarily to unit leaders (for example, deputy directors, heads of department, centre directors) or other staff with responsibility for an area/a task in connection with which confidential and/or sensitive information is processed or stored.

Do you need help?

Contact the Information Security Unit, if you have questions, comments or need help.

Classification of data

What kind of data are you working with?

It’s important that all staff understand what kind of data they work with, and that you process the data in a way that’s appropriate in relation to their classification. Read about AU’s four data classifications: public data, internal data, confidential data and sensitive data.