Administrator:

Benita Falenius, Information Security Coordinator
IT Services

Mattias Wadsten
Head of Safety and Security, Property Management Office

 

Security Policy for Stockholm University

 

Replaces Information Security Policy adopted by the Vice-Chancellor on 07/03/2013, Ref. no. SU FV-1.1.2-0290-13 and Security Policy adopted by the Director of Administration on 25/04/2013, Ref. no. SU FV-1.1.2-0327-13.

This policy is the overarching governing document for information security and physical security at Stockholm University. It addresses staff, internal and external contractors and students. The policy is further exemplified through associated guidelines for information security and guidelines for physical security.

The University is to maintain an adequate level of information security and physical security through the application of a working method that is risk- and vulnerability-based, systematic and process-oriented.

The security measures taken by the University are to provide protection against phenomena including unauthorised access – both to the University’s tangible property, i.e. premises and equipment, and intellectual property, i.e. data and information owned by the University or knowledge possessed by staff and students. Both tangible and intellectual property are resources that are extremely important to operations at the University, for which reason their confidentiality, integrity, availability and traceability are to be ensured. Security work also includes managing incidents and deviations.

Security work is to be carried out in accordance with:

Information security – SFS 2015:1052 Ordinance on Emergency Preparedness and Surveillance Responsible Authorities’ Measures at Heightened Alert, MSBFS 2016:1 Regulations and general advice on the information security of central government agencies, MSBFS 2016:2 Regulations and general advice on the IT incident reporting of central government agencies and SS-ISO/IEC 27001:2014 and SS-ISO/IEC 27002:2014.

Physical security – The Swedish Work Environment Authority’s regulations, the Swedish Theft Prevention Association’s regulations (SSF), the Legal, Financial and Administrative Services Agency’s rules for insurance policies and risk management and SS-ISO/IEC 27001:2014 and SS-ISO/IEC 27002:2014.

Responsibility

The Vice-Chancellor has the overall responsibility for information security and physical security at Stockholm University. The University’s decision-making and delegation policy sets out how the Vice-Chancellor has delegated decision-making power.

Every member of staff is obligated to work actively for greater physical security and information security and to point out deficiencies in these to a superior.

All parties – staff, students, visitors and partners – are to comply with the laws, regulations, guidelines, standards and rules that are prescribed and are to comply with the security procedures applicable to all work at Stockh