The objective of AU's policy for information security policies is:
A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties (A.5.1.1)
The senior management team has approved Aarhus University's information security policy as well as the 14 sub-policies (A.5 – A.18). Together, these policies constitute the minimum requirements for all units at Aarhus University.
Aarhus University's information security policy is publicly available at AU.dk, and any additional information security material will be made available to relevant stakeholders.
Relevant information security material must be available in Danish and English.
The policies for information security shall be reviewed at planned intervals or if signifikant changes occur to ensure their continuing suitability, adequacy and effectiveness.
Aarhus University's information security policy must be reviewed annually. The additional information security policies will be reviewed when necessary.
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
|
QUESTION GUIDE
Consider the question guide as a tool to navigate the requirements of the policy: