Information Management Forum

Highlights of the meeting held on 22May 2017

General Data Protection Regulation (GDPR)
A paper, prepared by Hazel Lauder, set out the requirements of the Regulations, the progress made and what was required to be undertaken over the next year in order to be able to comply with the Regulation.
The role of the IMF was to inform and raise awareness and members were seen as champions, responsible for the roll-out of the information audit which were currently being completed by People Services, Information Services , Admissions and Registry, and for communications.
Workshop Outputs and discussion on the role of champions
The meeting discussed one of the outputs from the Workshop held in March 2017 which concerned what members needed for their role as information security champions. Members asked for clear guidance on how to fulfil this role and how to disseminate information in the area they represented.
Information Policies
A suite of draft policies related to information use and security was considered, namely:
  • Information Security Policy
  • Encryption of Portable Computer Devices
  • Remote Access to Information and Information Systems
  • Monitoring and Accessing information
  • Third Party Access to University Information and Information Systems
  • Information Security for Project Management
  • Acceptable Use of IT Facilities
  • Information Security Incident Reporting and Management
And also
  • Regulations for the Use of IT Facilities
  • Code of Conduct for Use of IT Facilities
The IMF provided feedback and comments which would inform revised versions of the policies which would be taken to the Information Governance Committee for approval
Information and Cyber Security Training
The recent improvement in completion of the Information and Cyber Security Training was noted. IMF members were asked to encourage completion in their School/Department.
Information Risk Register
Further discussion would take place between the Chair, Hazel Lauder and Mark Johnston before submitting the Register to the Information Governance Committee.
Information Classification and Handling Policy Monitoring
A campaign to improve adoption of the policy enhance the use of the Classification Scheme across the University was necessary. In the first instance, members would embed the paper into to the relevant local Risk Registers as a control for managing information classification.
Schedule of meetings
Dates of meetings of the IMF in session 2017/18 are as follows
From 2.00 pm to 4.00 pm
  • Monday 30 October 2017
  • Wednesday 24 January 2018
  • Monday 26 March 2018
  • Monday 21 May 2018