Security awareness policy for senior leadership

We can’t depend on technical solutions alone to secure our systems and valuable data. People are still the first line of defence against malicious attacks. That's why our Information Security and Data Protection training is mandatory for all University staff. We now offer an Information Security and Data Protection training course for students. For students that handle university data as part of their studies or have been asked to provide a certificate to their department as proof of completion of the information security training, they should complete Staff course.

The aim of the Information Security and Data Protection training course is to ensure staff and students understand their responsibilities in relation to information security and protection compliance legislation.


New staff training being launched at the beginning of 2024

In Trinity Term, we will be rolling out the new staff training course from MetaCompliance to the entire collegiate university. We recommend that you complete the existing Staff course until the new course is available. 



In order to ensure a high level of information security awareness among staff and students, Heads of Departments, Heads of Administration and Finance, Heads of Divisions, and Faculty Board Chairs need to:

  1. Encourage all staff to take the mandatory Information Security and Data Protection training.
  2. There is now a new student training package, which we recommend that students complete, to ensure they fully understand information security and come to view it as an integral part of their day-to-day study and work life
  3. Include the mandatory Information Security and Data Protection training in your divisional, departmental or faculty processes for new starters
  4. Keep an up-to-date record of who has completed information security awareness training
  5. Staff must complete this training annually so the University can remain fully compliant. 
How to comply

Our mandatory Information Security and Data Protection training empowers individuals to make better decisions, not only in how to recognise and respond to potential cyber-attacks, but also to be sure they aren’t inadvertently putting data at risk in their day-to-day work.

Online training

To support you in educating staff in your division, department or faculty, the University offers an online Information Security and Data Protection training which provides a combination of information, case studies and links to additional resources relating to information security.

The University's security awareness training course is mandatory for all staff. Ensuring that your staff have completed this will satisfy the security awareness training requirements of the Information Security Policy. The Information Security team can provide you with monthly reports on the completion of the module within your division, department or faculty.

Other training

If you choose to deliver your own information security awareness training or engage a third party to do so on your behalf, this must be equivalent in content to that of the University's online module. If this applies to your division, department or faculty, please discuss this with the Information Security team.

What we offer

The Information Security team can draw on its broad expertise to provide training and awareness tailored to your needs. This could be a general security awareness presentation to your whole team, or a more detailed one-to-one session to address a specific situation. Information security training is the cornerstone of a balanced programme of protective measures.

Benefits for you:

  • Help people recognise and respond to potential cyber-attacks, phishing and social engineering attempts
  • Protect our staff and students by ensuring teams have up-to-date knowledge about how to handle personal data
  • Reduce the number of security incidents by sharing best practices
  • Help embed information security in day-to-day activities

The service is available to all parts of the collegiate University. The service includes:

  • Assistance with determining the level of risk based on the nature and volume of the data involved
  • Assessing the security controls and contractual arrangements of the supplier to determine if they are fit for purpose
  • Providing advice, assistance and support when dealing with supplier queries and negotiations
  • Making recommendations to help you decide whether the supplier’s security is sufficiently mature



It is University policy that all staff must complete the mandatory Information Security and Data Protection training.