Study

Course search

Search for degrees, short courses, CPD and professional courses

A-Z course finder

Explore undergraduate courses by subject, discover your career options and take a virtual tour

Undergraduate

Explore what it means to be an undergraduate student

Postgraduate

Discover our postgraduate study options and fast-track your career

Online learning

Study any time, anywhere, in a way that suits you

Research degrees

Globally connected first class research, explore research opportunities

Useful links

Book an Open Day

Get your prospectus

How to apply

How we support you

Fees and finance

Your Offer

How to enrol

Our Group

Coventry University

Coventry University London

CU Coventry

CU London

CU Scarborough

Coventry University Wrocław

National Institute of Teaching and Education

Life on campus

Accommodation

Find a place to call home. Discover our accommodation options

Living in Coventry

University is more than a place to learn. Explore the city you'll call home

Your Students' Union

Make friends, learn a skill, join a club or society

Student campus life

Explore your social and learning spaces including our 5 storey library open 24 hours

Sports and fitness

Sign up for a gym membership, fitness class or join a sports club

Student blog

Find out first-hand what it’s like to live and study in Coventry

Useful links

Take a virtual tour

Student support

Employability

Global opportunities

Cost of living hub

Keeping you safe on campus

Chat with our students

International

International courses

Take a look at our undergraduate and postgraduate courses open to international students

Fees and funding

Find out about our tuition fees and how to pay them, as well as scholarships, bursaries and discounts available to you

How to apply

Wherever you are in the world, read our information on how to apply for one of our courses

Entry requirements

Learn more about our country specific entry requirements, agents and in-country events

Visa advice

Help and advice from our international student support team

Student support

Help and advice from our international student support team

Useful links

International Pathway Programmes

Explore our global hubs

Coming to the UK

Student accommodation

Chat with admissions

Chat with our students

Cost of living hub

Research

2030 research strategy

Globally responsible research, creating lasting impact

Postgraduate research

Find out about opportunities and support for PGRs

About our research

Discover our research solutions at Coventry

Studentships

Search for funded and non-funded studentships

Research centres

From sustainable agriculture to human security, discover where our research takes place

Research Services

Support for activities throughout the research funding lifecycle

Useful links

Research themes

Research news

Research events

Transport solutions

REF2021

CURIE

Research directory

Business

Partnerships

Partner with us to explore new opportunities

Research and expertise

Share knowledge and expertise

Collaborate with us

Work with our students and graduates

Apprenticeships

Find out how we can help your business through apprentices

SME support

Discover our bespoke business solutions

KEF: Our impact

We support local businesses and communities

Useful links

Hire facilities

CPD courses

Business news

Business events

Contact us

About us

Our history

Find out who we are and what we do

Governance

Explore our academic structure and learn more about who we are

Social impact

Discover the social impact Coventry University has on our city

2030 Group strategy

Creating better futures for our students, colleagues, partners and stakeholders

University news

Read our university news

Careers at Coventry University Group

We recruit the best people to deliver the best experience for our students

Useful links

Events

Contact us

Visit us

Staff directory

Academic calendar

Alumni

Student and staff portals

Student using a laptop in The Hub cafe

Information Security

Within the University Group, the expectation placed upon technology is high - with the need for it to perform effectively, across multiple geographical locations, whilst remaining safe and secure for the business and students alike. This is where information security plays a pivotal role, as we provide the assurance to the business, our partners and students that secure processes, procedures and associated activities are both in place, and remain fit-for-purpose and use.

The specialism of information security continues to evolve, and with our fast-paced business activities and opportunity-driven environments, comes the need for a high level of agility and responsiveness.

To further support this drive towards a more secure environment and to demonstrate our commitment to cyber and information security, the University is also certified for Information Security ISO 27001 Standard, Cyber Essentials and Cyber Essentials Plus.

The following information provides an overview of the information security initiatives and processes that the University group has in place and to inform potential business partners, students and staff of their responsibilities towards information security.

Cyber Essentials Certified Plus logosCentre of sssessment and UCAS management logo

 Quick links
Information Security glossary Why is Information Security important? Information Security responsibilities Security policies and standards Information Security incidents 

Information Security glossary

During your time with the University group, you are likely to come across terms relating to information security. Here are a few helpful definitions and concepts:

  • Information security: often shortened to InfoSec, this is a combination of processes, behaviours and organisational culture all centred around keeping information secure. The aim of information security is to uphold the confidentially, integrity and availability (CIA) of data – a concept known as the CIA triad.
  • Confidentiality: ensuring that data and information is not made available or disclosed to unauthorised individuals.
  • Integrity: ensuring the accuracy of data and information and making sure it can’t be tampered with.
  • Availability: ensuring that data and information is accessible and usable upon demand by someone that is authorised.

Ensuring CIA of information is more than just IT and computers; it is also about people, their knowledge, beliefs, perceptions, attitudes, assumptions, and values around Information Security.

  • Data and Information are used interchangeably to mean information captured, processed or stored by the University or its Subsidiaries.
  • Security Incident - as one or more unwanted or unexpected information security events that have or may have compromised (or have a significant probability of compromising) University operations and/or threatened information security.
  • Event - an identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards.
  • Policy - owned at Executive level, it is a formal management statement of intent to reduce risk. It will identify significant risks and effects and state the controls and mitigations in place.
  • Standard - defining what is required to support all or part of the overarching policy, more specifically in relation to areas of risks and their mitigations.
  • Procedures - the mandatory operational instructions and processes required to carry out the controls to enforce the policy.
  • Guidance - non-mandatory recommendations to help achieve the policy’s objectives.

Why is Information Security important?

  • To protect the reputation and standing of the University.
  • To protect the right to privacy of individuals, including their legal rights as data subjects. Find more information on these rights and data protection related information.
  • To protect the intellectual property rights of the University.
  • To ensure that the Legal obligations placed upon the University are met.
  • To aid the continuity of University business.

The University Group ensures this by:

  • Following recognised information security best practices.
  • Applying appropriate information security measures.
  • Providing the necessary information and training so that all staff and IT users accessing and using University systems comply with relevant policies, laws and regulations, including the Data Protection Act 2018 and Computer Misuse Act 1990.

Information Security responsibilities

Information security is everyone’s responsibility, and by adhering to policies and following good information security practices, we can all contribute to protecting the University Group’s data, assets and reputation.

The Vice-Chancellor has overall executive responsibility for the security of the University's information. Specific information security tasks are delegated to certain staff responsible for drawing up University wide policies, standards and procedures.

Depending on your role, you may also have additional responsibilities to ensure that security of information is upheld.

To further support the Group’s security initiatives, the University has a dedicated Information Security and Digital Compliance team, a Cyber Security team responsible for monitoring the security of the Group’s infrastructure, an Information Governance Unit and Data Protection Officer (DPO) in place that deal with matters relating to data protection and privacy rights for individuals.

Individual staff members (including temporary staff, contractors, and agents) are responsible for:

  • ensuring they understand and follow established working practices
  • ensuring that they comply with security policy and associated standards
  • ensuring they comply with the relevant laws and regulations
  • reporting any breaches in security policy or law to the University
  • reporting any identified threats or vulnerabilities immediately
  • undertaking periodic information security staff awareness and training

Managers within the University and its subsidiaries are likely to be custodians of various University information assets on either a permanent or temporary basis. As such, they are responsible for ensuring that their teams and line reports follow established working practices and adhere to relevant policies and standards.

Security policies and standards

The University continues to maintain and develop a comprehensive information security and management policy framework. It has several policies with supporting standards in place to uphold information management, security and governance. All policies and standards are issued under the authority of the Vice-Chancellor who is also accountable for their interpretation and enforcement.

All staff, contractors, and students are expected to follow the policies and standards in place. Regular training and awareness for staff takes place to ensure they properly understand their responsibilities towards information security. Some of the policies and standards included in our framework cover:

  • Clear desk and workspace – to establish the minimum standards for maintaining a secure desk or physical workspace.
  • Incident Management – determines the requirement for reporting information security related incidents and ensuring a consistent and effective approach to the management of Information Security Incidents.
  • IT Acceptable Use – provides a framework for the acceptable use of Coventry University Group’s Information Technology (IT) to ensure that it can be used safely, lawfully and equitably.
  • Removable media and bring your own devices – defines the minimum conditions for using privately owned IT equipment for the purpose of carrying out Group work.
  • Mobile devices – outlines the requirement with regards to using mobile devices to undertake any Group business.
  • Passwords – sets out the requirements for effective password use for anyone with access to and using Group IT systems.
  • Emails – describes the requirement with regards to the use of the email system for Group business processes.

Information Security incidents

The Group encourages all members of the University to assist in the improvement of information security by reporting to the Digital Service Centre, any incidents adversely affecting security. Effective information security incident management is required to protect the confidentiality, integrity, and availability of University information assets, products, systems, and services.

What constitutes an Information Security incident?

A security incident is defined as an unwanted or unexpected information security event that has or may have compromised (or have a significant probability of compromising) University operations and/or threatened information security.

Common examples of information security incidents include:

  • Clicking on a suspicious link or opening a suspicious email attachment.
  • Sending a sensitive email to the wrong recipient.
  • Loss or theft of a device containing University Group or personal data.
  • Loss or theft of ID/access card.
  • Accidental downloads of potentially malicious software or noticing suspicious files on a device.
  • Unusual activity, for example, slow running devices.
  • Unusual behaviour from personnel or visitors.

Once details of a security incident or breach have been reported, confirmed and logged, the Digital Service Centre will employ the following response process:

  • Categorisation
  • Prioritisation
  • Initial Diagnosis
  • Incident Escalation
  • Investigation and Diagnosis
  • Resolution and Recovery
  • Incident/Event Closure

Reporting a security incident

It is everyone’s responsibility within the University to report a security incident if they see it, even if it is an unconfirmed suspicion.

To report a security incident, contact the Digital Service Centre on +44 (0)2477 657 777.

Queen’s Award for Enterprise Logo
University of the year shortlisted
QS Five Star Rating 2023