Information security policies

While information security covers many aspects, essentially it’s about protecting information.

Aarhus University has an overall information security policy which sets out the guidelines we need to follow and the actions we need to take to ensure information security here at the university.

To supplement the information security policy, fourteen sub-policies for information security have been drafted (A.5 - A.18) in addition to policies for two specific areas (patch and mail) which set out guidelines for how staff must process, protect and store information in order to ensure that the security level and security measures are appropriate to the classification of data and the need for information security.

Who do these policies apply to?

Anyone at Aarhus University who works with information (regardless of form: written/electronic) in a conversation, in teaching, in the context of work, research or on the go is responsible for protecting any information of a confidential or sensitive nature.

Aarhus University’s information security policy applies to everyone with an affiliation with the university. 

The fourteen sub-policies for information security (A.5-A.18) apply primarily to unit leaders (for example, deputy directors, heads of department, centre directors) or other staff with responsibility for an area/a task in connection with which confidential and/or sensitive information is processed or stored. 

Exemptions for IT equipment

If you need to deviate from current information security policies, you can apply for an exemption from the Central Information Security Committee. The committee will assess your application and decide whether or not an exemption can be granted.

Your application must account for the following:

  • The consequences for AU if the exemption is not granted.
  • Where the equipment is located at AU.
  • When a solution will be ready that means you will be able to comply with current information security policies.

Please send your application to