IT Services

IT policies and guidelines

There are a number of regulations and guidelines covering the use of our systems and services. As an IT user at The University of Manchester, you are expected to abide by these regulations and guidelines.

Policies and regulations

• General regulations for the University of Manchester Section XV - Use of IT facilities and services
• Acceptable use policy IT facilities and services
• PC cluster usage regulations
• Halls of Residence network terms of use Hornet website
• Information security policy
• ITS Risk Management Policy Technology risk management within IT Services.

Standard Operating Procedures (SOP)

• ITS Risk Management Describes the procedure for managing IT Risk within IT Services, ensuring that the approach to the identification, assessment, prioritisation and treatment of IT Risks is consistent and effective.
• Acceptable use of IT facilities and services For students
• Acceptable use of IT facilities and services For staff
• Information Governance Risk Review This replaces old process of completing an IG checklist.
• Information security classification and secure handling Standard Operating Procedure for classification of University information assets.
• Authority to access and monitor University IT Account holder communications and data Describes the approval process and record‐keeping where access to account holder data is required.
• Bring your own technology Procedure for using non-University devices and systems to access University data and systems and remote working.
• Collection and acquisition of digital evidence Describes the procedure to be followed to obtain digital evidence to establish compliance or non-compliance with University laws.
• Acquisition or development of IT systems and services Describes the procedure for obtaining approval for the commissioning, developing, maintaining and supporting IT systems and/or services including systems developed by staff other than IT Services or Faculty IT staff.
• Decommissioning University IT facilities Outlines the procedure for decommissioning/retiring IT systems, software, applications, data and associated IT hardware

Technical Security Standards (TSS)

All Technical Security Standards are owned by the Head of Information Governance.

• Authentication TSS Defines the specification for the baseline requirements for authentication across all IT systems managed by IT Services.
• Azure Priviledged Accounts TSS Defines the security controls and processes associated with Privileged Accounts on Microsoft Azure and Active Directory.
• Security Camera Systems TSS Defines the security controls relating to operating CCTV on the University network.
• Cloud Computing TSS Defines the security controls relating to using cloud services.
• Cryptography TSS Defines the security controls and processes associated with cryptography used to protect data both in transit and at rest.
• Email TSS Defines the security controls and processes associated with the University's email systems.
• Firewall TSS Ensuring appropriate controls are maintained and managed in the University’s Firewalls to defend zones and network segments from unauthorised or inappropriate access.
• Logging TSS Defines the security controls and processes associated with logging and auditing events within IT systems.
• Malware Defence TSS Ensuring appropriate controls are maintained to defend against malware exploiting vulnerabilities on the University’s internal network.
• Managed Desktop Environment TSS Defines the standard configuration of Managed Desktop computers provided by the University.
• Minimum Controls TSS Defines the minimum baseline security controls and processes required for a given Information Security Classification.
• Password TSS Defines the security controls relating to user accounts, privileged access management, passwords and other authentication methods.
• Patching TSS Defines the security controls and processes associated with the deployment of security and other patches. Additional guidance on patching is also available.
• Guidance on patching
• Remote Access TSS Defines the security controls and processes associated with remote access.
• Vulnerability Scanning and Penetration Testing TSS Defines the requirements for vulnerability scanning and penetration testing across all IT systems managed by IT Services.