Computer Security

From Wikquality Impact Assessment

Jump to: navigation, search

All feedback is welcomed from internal and external sources. Please email your comments to

Faculty or Service Area: Information Media and Technology Services
Name of policy owner: Shane Buckman
Original policy document: ComputerSecurity.pdf
Creation date: 2007/03/30
Purpose of the policy being assessed:
To layout the principals of computer security to be observed by all of staff responsible for it. This includes both technical computing staff and all staff who use computers.

It was developed by the Head of Computing Services in consultation with other computing staff. It was revised following advice by the University’s auditors. It was ratified by the Information Strategy Group and published on the web and included in staff induction.

Customer groups affected by the policy: Staff
Relevant protected characteristics affected by the policy: Disability, Mode of attendance (part-time or full-time)
Examples of how these protected characteristics are affected by policy with evidence, justification and course of action:
Although the impact of the policy will impact differentially depending on the role a member of staff has, notably if they are a member of staff whose role includes technical computing support, the policy itself applies equally to all staff. In the rare event that disciplinary action is taken for breach of the policy the consistency of this action is monitored by the Director of Human Resources.

The impact of the policy can be considered in two ways:

1) Firstly the impact on the security of the totality of university computer systems. This is monitored by recording security breaches, virus detection, intrusion detection and the like.

2) Secondly the impact is on users who, by the nature and design of the policy, are restricted in what they can or are allowed to do in the use of computer systems. Evidence of this is through exception, usually when a member of staff is prevented from carrying out a particular action and raises this as an issue.

The policy is subject to external scrutiny by the University’s auditors.

The policy is scrutinised by the University’s Information Strategy Group which has representation from all key stakeholders.

All calls and emails regarding computing matters should be directed to the staff help desk and are recorded on the help desk system, Touchpaper, which is used to provide management reports. The existing help desk arrangements are in the process of being reviewed to create a much wider help service which will be significantly more visible and accessible.

The main potential impact is that because the actions which users are enabled to carry out on desktop PCs is restricted staff may need to seek the assistance of technical staff in order to change screen and other settings, install adaptive hardware and install adaptive software.

Some changes to settings or the installation of hardware or software requires administrator rights on the desktop PC. Administrator rights are not routinely given to staff because it is possible then to take actions, either accidentally or deliberately, which would not only impact on the desktop PC but could have a major impact on the wider university data and voice network. In addition the routine use of administrator rights makes a PC, and the network to which it is connected, much more vulnerable to the effects of viruses and other malware. The impact of this is mitigated by access to computing support staff who are able to advise and assist in carrying out changes to configurations and install software and hardware. Staff are assured of prompt attention and support calls will be prioritised appropriately.

The impact is mitigated by ensuring that support staff procedures include the prioritisation of requests which are directly or indirectly in support of changes or installations to provide disability support.

Where appropriate staff will be provided with roaming desktops to ensure the most appropriate screen settings are available even when they use a university PC other than their own.

Supporting evidence: None.
Feedback from Equality Forums and other interested parties:
Feedback on this impact assessment is still being recieved - please email your thoughts to
Complaints will be monitored fro an equality perspective to identify any issues that appear to be associated with particular equality groups. Any issues will be addressed by further investigation and review of the impact assessment.
Consultation open: Feedback on this impact assessment is welcome, but it is not officially under consultation at this time.
Review date: A review date will be set after all feedback has been received and recommendations have been made and implemented.
Personal tools