Below you can find out the information security policy
The purpose of this Policy is to safeguard information belonging to The NTF Group (third parties, clients or customers and the general public), within a secure environment.
This Policy informs the company’s staff entitled to use company facilities, of the principles governing the holding, use and disposal of information.
It is the goal of the Company that:
Information relates to:
The Company requires all users to exercise a duty of care in relation to the operation and use of its information systems.
2.1 Authorised users of information systems
With the exception of information published for public consumption, all users of Company information systems must be formally authorised by appointment as a member of staff, by enrolment as a student, or by other process specifically authorised by the Vice Chancellor. Authorised users will be in possession of a unique user identity. Any password associated with a user identity must not be disclosed to any other person. The “Network password policy” describes these principles in greater detail.
Authorised users will pay due care and attention to protect Company information in their personal possession. Confidential, personal or private information must not be copied or transported without consideration of:
2.2 Acceptable use of information systems
Use of the Company’s information systems by authorised users will be lawful, honest and decent and shall have regard to the rights and sensitivities of other people.
2.3 Information System Owners
Company Deans/Directors who are responsible for information systems are required to ensure that:
2.4 Personal Information
Authorised users of information systems are not given rights of privacy in relation to their use of Company information systems. Duly authorised officers of the Company may access or monitor personal data contained in any Company information system (mailboxes, web access logs, file-store etc).
2.5 Individuals in breach of this policy are subject to disciplinary procedures (staff or student) at the instigation of the Dean/Director with responsibility for the relevant information system, including referral to the Police where appropriate.
The Company will take legal action to ensure that its information systems are not used by unauthorised persons.
3.1 The Director of IT Systems has direct responsibility for maintaining this policy and providing guidance and advice on its implementation.
Information system owners are responsible for the implementation of this Policy within their area, and to ensure adherence.