Skip to main content

IT Policies

IT Service

IT Policies


Information Classification and Handling Policy

This Policy sets out the framework for how datais classified and how it should be handled safely in accordance with that classification. This is to ensure compliance with data protection legislation and other legal and contractualobligations. This Policy applies to all items of data that are processed through the University of Worcester and all University of Worcester Staff, Students, Contractors, Guests and third-parties.

Information Classification and Handling Policy


Information Security Policy

The purpose of this policy is to provide guidance for safeguarding the availability, integrity, confidentiality, and authenticity of all the information they hold or access, whether electronic or physical. This document constitutes the University of Worcester’s Information Security Policy, and with the associated policies provides guidance for staff and students. All members of the University have a responsibility to work within the guidelines of these policies.

Information Security Policy ISP-001 v1.0


IT Regulations

The regulations detailed in this document apply to anyone using IT Resources for any purpose at the University, including staff (temporary and permanent), students and visitors. This includes personally owned equipment connected to the University’s network from an external location, or on UW premises.

IT Regulations v2.7


IT Hardware Policy

The purpose of this policy is to provide guidance for the procurement, management and disposal of all IT hardware for the University of Worcester. The policy covers IT hardware purchases relating to the annual planning cycle, ad hoc purchases or upgrades of computer desktops, laptops, iMacs and MacBooks, and peripherals and tablets.

IT Hardware Policy v1.3


Local Administration Policy

This Policy sets out the responsibilities of the University, its staff and its students to comply fully with the process to request and use of local administrator accounts.

Local administrator accounts provide elevated privileges on University computing devices. This allows users to gain significantly greater access to systems, applications and data.

The purpose of this policy is to:

  • Reduce our exposure to Cybersecurity threats.
  • Meet GDPR/Data Security obligations.
  • Prevent inappropriate creation and use of local administrator accounts.

This policy applies to all University of Worcester Staff, Students, Contractors and Guests.

Local Administration Account Policy v2


Microsoft Teams Policy

This Policy sets out the responsibilities of the University, its staff and its students to comply fully with relating to the administration and use of Microsoft Teams at the University of Worcester.

This policy applies to all University of Worcester Staff, Students, and Guests.

Microsoft Teams Policy v2


OneDrive for Business Policy

This Policy sets out the responsibilities of the University, its staff and its students to comply fully with relating to the administration and use of the OneDrive for Business at the University of Worcester.

This policy applies to all University of Worcester Staff, Students, Contractors and Guests.

OneDrive for Business Policy v2


Personally Owned Device Policy

The purpose of this policy is to define the rules, controls, and behaviors required for the use of personally owned devices when accessing university information systems and data

This policy applies to all personal devices used by staff, partners, suppliers, contractors, and other authorised users who use personal devices to access university information and information systems. 

Personally Owned Device Policy v1.1


SharePoint Policy

The main objective of this document is to set guidelines related to the use and administration of
the SharePoint at the University of Worcester.

SharePoint Policy v6


Software Policy

The purpose of this policy is to ensure that the University can manage its software assets effectively, securely and in accordance with legal regulations, licensing rules, and auditing requirements.  

This policy applies to any software whether obtained under ‘shareware’ or ‘freeware’ arrangements or acquired under suppliers’ educational support agreements that is installed as part of the staff or student software image.  This policy does not cover software hosted via a third party (Software as a Service - SaaS) or corporate systems such as Finance, HR, Accommodation and Student Records and the environments on which they run. 

Software Policy v1.1


Staff Email Policy

The purpose of this Policy is to set out the conditions under which the University’s email system, and the client used to access email, Outlook may be used, and the principles for managing messages created or received as part of the University’s business.

This policy applies to all staff and other authorised account holders (i.e. those with @worc.ac.uk email addresses).

Staff Email Policy v1.1


Staff Mobile Phone Policy

The University recognises that to ensure the most effective running of services, communications and business activities, it is necessary for some staff to have access to mobile communication devices.

The purpose of this guidance is to:

  • Ensure that the purchase and use of all mobile devices on behalf of the University is correctly assessed, authorised and monitored.
  • Establish the expectations and responsibilities placed on all University mobile device users.

Staff Mobile phone policy v2.1


User Access Control and Password Policy

The objectives of this policy are to ensure IT accounts are controlled and managed to minimise any security risks. The policy applies to:

  • All individuals with access to university information and information systems, including staff, students, visitors, and contractors.
  • All information processed, accessed, shared, or stored by the University in accordance with its operational activities, regardless of location or format.
  • All university information systems used to process data including, software, computers, networks, mobile devices, and cloud services.

User Access Control and Password Policy ISP-005 v1.0


Back to top