Eco‑responsible  images

Image compression reduces page weight and loading times.

Read more about it

Search in

Information System Security Policy (ISSP)

Object

1.1. Why an information systems security policy (ISSP) at the University of Lausanne?

The University of Lausanne is a research and educational institution. Its primary activity is to create, make available and transmit information and knowledge. It works closely with new technologies. The success of its teaching mission depends directly on the security of its information system. As such, the University takes into account all aspects of information security: it raises awareness of information security and develops an effective information security policy for all its members and partners. By integrating security into all its new projects and continually assessing the risks to the institution’s information system, in particular by means of an information security audit;institution, in particular by means of a risk analysis, the University wishes to have a relevant and precise vision of its security posture.

1.2 A PSSI, for whom?

The purpose of this Information System Security Policy (ISSP) is to express the security strategy of the management of the;Université de Lausanne with regard to its Information System (IS), for all persons and institutions in contact with the Université de Lausanne. This security policy is aimed in particular at those who use, implement, create or modify part of the IS of the Université de Lausanne. The general framework described below is based on the ISO/IEC 27001 standard. It will then be precised by service and faculty according to the applicability of the themes listed below.

1.3. What resources are required for this PSSI?

In order to ensure that the measures implemented are in line with good practice, the University bases itself on recognised international standards, in particular the ISO/IEC 27001 family of standards. The University of Lausanne has decided to make the protection of the personal data entrusted to it a central part of its security strategy, in particular by implementing appropriate technical and organisational measures. The scalability of the process is crucial to ensure that vulnerabilities and threats are taken into account in the information security management plan. To achieve this objective, the University of Lausanne, thanks in particular to the support of its IT Centre, organises internal security audits and implements an information security policy;The management, through its IT Centre, organises internal security audits and implements a continuous improvement programme to regularly review the various security systems and developments at the University of Lausanne. The Management, through the Ci, will update and review this document regularly.