Information security policies

Here you can find policies for information security which set out the current rules on how staff must process, protect and store information in order to secure that the security level are maintained at Aarhus University.

The policies for information security apply primarily to unit leaders or other staff with responsibility for an area/a task in connection with which confidential and/or sensitive information is processed or stored.

References in parentheses refer to controls in the ISO 27001 standard.

Do you need help?

Contact the Information Security Unit, if you have questions, comments or need help.

Organizational controls

Policy for information security policies (A.5)

Policy for organization of information security (A.6)

Policy for asset management (A.8)

Policy for access control (A.9)

Policy regarding the use of email for employees (A.13.2.3)

Policy for supplier relationships (A.15)

Policy for information security incident managing (A.16)

Policy for information security aspects of business continuity management (A.17)

Policy for compliance (A.18)

People controls

Policy for human resource security (A.7)

Physical controls

Policy for physical and environmental security (A.11)

Technological controls

Policy for mobile devices (A.6.2.1)

Policy for cryptography (A.10)

Policy for Operations Security (A.12)

Policy for patching (A.12.5.1)

Policy for network security (A.13)

Policy for system acquisition, development and maintenance (A.14)

Template (in Danish) for requesting exemption from policies

Revised 23.03.2026

Informationssikkerhed