Policy for information security policies (A.5)

A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties (A.5.1.1)

The senior management team has approved Aarhus University's information security policy as well as the 14 sub-policies (A.5 – A.18). Together, these policies constitute the minimum requirements for all units at Aarhus University.

Aarhus University's information security policy is publicly available at AU.dk, and any additional information security material will be made available to relevant stakeholders.

Relevant information security material must be available in Danish and English.

The policies for information security shall be reviewed at planned intervals or if signifikant changes occur to ensure their continuing suitability, adequacy and effectiveness.

Aarhus University's information security policy must be reviewed annually. The additional information security policies will be reviewed when necessary.

A number of initiatives have been planned and established centrally in order to comply with the above requirements: Re. A. 5.1.1 Policies: The senior management team has approved Aarhus University's information security policy, which together with 14 subjacent policies (A.5- A.18 is being prepared). Together, these policies constitute minimum requirements that cannot be deviated from and that apply for all units at Aarhus University. Re. A.5.1.2 Review of policies: Refer to the central information security management system (ISMS) at Aarhus University.