Information security within the University of Bath

Information Security Management System (ISMS) implemented in line with regulatory requirements and to protect our data, funding and University reputation.

News story
Published on Tuesday 7 February 2023
Last updated on Tuesday 7 February 2023
View more announcements in Digital, Data and Technology

A padlock surrounded by circular shapes — Information Security Management

Our vision is to be an outstanding and inclusive University community, committed to excellence in research and education, embracing the opportunities of today’s world and addressing its challenges. To support our vision, we need to ensure operational resilience and integrity of systems and services for the benefit of all students, staff and university stakeholders

In order to maintain service and continuity of operation, we have implemented an Information Security Management System (ISMS) in line with the International Standard for Information Security, ISO/IEC 27001.

The operation of this ISMS has many benefits including:

Protecting Student and Research Data
Protecting funding to ensure development of the University
Ensuring the continuity of services to Students and Staff
Maintaining and enhancing of University reputation
Complying with legal and regulatory requirements

An Information Security Policy is available in electronic form and will be communicated to all members of the University.

Commitment to the delivery of information security extends to our University Executive and will be demonstrated through Information Security Policy and the provision of appropriate resources to establish and develop the ISMS.

Senior management will mandate a systematic review of programme performance on a regular basis to ensure that information security objectives are met and relevant issues identified through the audit programme and management processes.

We will adopt a risk management approach and processes in line with the requirements and recommendations of ISO/IEC 27001. Risk management will take place at several levels within the ISMS, including:

Assessment of risk to underpin our information security objectives
Regular information security risk assessments within specific operational areas
Assessment of risk as part of the business change management process
At a project level as part of managing significant change

We would encourage all members of our University – faculty, staff and students to ensure that they play their part in delivering our information security objectives.

Chris Youles

Chief Information & Digital Officer