Information Security Management System (ISMS)

Information Security Statement of Commitment

The University of Wollongong (UOW) is committed to safeguarding the confidentiality, integrity, and availability of information entrusted to us by our students, partners, and staff. Recognising the importance of this responsibility, UOW has prioritised the effective management of information security risks. The university is implementing an Information Security Management System (ISMS) to establish, maintain, and continually enhance its information security. The ISMS is aligned with the ISO/IEC 27001:2022 standard.

An Information Security Management System (ISMS) is a set of policies, processes and controls that help our University protect its data and systems.

The ISMS includes the following:

  • Identify and manage security risks.
  • Protect the confidentiality, integrity, and availability of information.
  • Meet legal, regulatory and contractual requirements.
  • Build resilience against cyber threats and data breaches.
  • Continuously improve our security practices.

This applies to all users, including staff, students, affiliates, suppliers and partners, accessing UOW technology across all UOW campuses and offices, including controlled entities and subsidiaries, in Australia and overseas.

Keeping our information safe means you can trust our systems and avoid disruptions to your work and studies.

The Governance Framework outlines how we oversee and manage information security across the University.

This includes the following:

  • Risk management: Find, evaluate and treat cyber risks to data and systems
  • Governance: Clarify who is responsible and accountable for information security and how it is managed throughout UOW.

Click through for further information about the ISMS Governance Framework [PDF 341KB].

A Business Owner is an individual within the University who is nominated to assume responsibility for an information asset and is authorised to make business decisions with regard to the information asset.

Business Owners are accountable and responsible for making sure their systems and information adhere to the ISMS Framework.

You may delegate responsibility, but you remain accountable for:

  • Assessing the criticality of your systems and data
  • Ensuring local systems and data have the required security controls in place

A Technical Owner is an individual responsible for maintaining an information asset (IT system or application) throughout its lifecycle, including updates, availability, security and any relevant compliance.

Technical Owners must support Business Owners with the implementation and maintenance of security measures defined by the ISMS.

This includes:

  • Assessing the criticality of your systems and data
  • Implementing new security controls
  • Ensuring that systems are patched, supported and maintained
  • Configuring systems according to ISMS controls

The University's Information Security Policy sets the key requirements for protecting and securing our information and responding to cyber events.

Local Protocols are operational-level procedures or practices that apply within a particular academic unit or division. Local Protocols are subordinate to and must be consistent with all official policy documents. Local Protocols are enforceable to the extent of the specific directions they provide and within the scope of the division, work unit or areas to which they apply.

View the Local Protocols (Staff access only)

Consultation with business and technical owners will continue as we progress to developing our Standard Operating Procedures.

Compliance will not be enforced immediately. A phased rollout over 12-18 months is planned to ensure all stakeholders are gradually informed, consulted and supported as changes are introduced.

The implementation of the ISMS will commence with UOW Australia, with plans to extend implementation to GE Offshore campuses in the near future.

Additional support

Our ISMS is about more than cyber security... it's about creating a safe, trusted environment for learning, research, and collaboration. Whether you're submitting an assignment, accessing student records, or conducting world-class research, the integrity and protection of our information systems matter. Every member of our university community plays a role in keeping UOW secure.

Ray Coury, Chief Information Digital Officer