Information security policies

Here you can find policies for information security which set out the current rules on how staff must process, protect and store information in order to secure that the security level are maintained at Aarhus University.


The policies for information security apply primarily to unit leaders or other staff with responsibility for an area/a task in connection with which confidential and/or sensitive information is processed or stored. 

References in parentheses refer to controls in the ISO 27001 standard.

NOTE

ISO-27001 is undergoing a revision with a new structureand division of requirements, which are now divided into 4 general categories: 

  • Organizational controls
  • People controls
  • Technological controls
  • Physical controls

Existing requirement are being consolidated into to new policies, some requirements are being deleted, while new requirements have been added. Therefore, the policies will be updated to align with the structure of the revised ISO-27001 standard, including the numbering in parentheses, which is a reference to the ISO-standard itself.