Information Security Policy

In order to establish policy around Information Security, we need to take into account all possible aspects that cause damage to or problems for the AUAS. For the identified risks, we have established policies that apply to everyone who works at or with the AUAS.

Information Security Principles

This document describes the principles for information security at the AUAS. It describes how the business, information provision and technology within the AUAS must be set up or organised. The organizational objectives, the norms and values and the culture of the institution serve as the basis. The principles must be broadly supported and form the basis for future decisions.

Authorisation policy

For the Amsterdam University of Applied Sciences (AUAS) to function properly, it is vital that information be handled with the greatest of care. Students, employees, and other relevant stakeholders should feel safe in the knowledge that information is accessible only to authorised users. The authorisation policy is an important element in the protection of personal and other data of the university and contains guidelines on the application of the key terms with which a user is authorised.

Policy Coordinated Vulnerability Disclosure

(also known as Responsible Disclosure)

The dependence on the digital infrastructure is increasing. It is very important to the AUAS to ensure the security of its systems. In spite of the attention paid to information security, the organisation may still fail to detect a weakness in a product or service, which may, however, be noticed by someone else.
It is therefore important for the AUAS to promote and publish a Coordinated Vulnerability Disclosure policy. The policy clarifies the responsibilities of both the organisation and the notifier.

Classification Guidelines

Information and information systems

Handling and managing information is crucial to the proper functioning of the Amsterdam University of Applied Sciences (AUAS). Students and staff must be able to rely on information being available when and where it is needed, being correct and accurate, and being accessible only to authorised persons.
This document outlines the classification method used to classify data and information systems according to the quality aspects of Availability, Integrity and Confidentiality, on the basis of which the appropriate level of protection is determined.

Basic set of Operational Measures

The Basic set of Operational Measures (BOM) are information security measures that are used as an additional tool. You can use them to select the right measures during a risk analysis, IB&P and/or DPIA or procurement process.

(Please note: the manual and Excel sheet below are in Dutch)

Need help? Contact your Security Officer.

Guidelines on passwords and authentication tools

The Guidelines on Passwords and Authentication tools are a further elaboration of the Authorisation Policy [AUTH] and describe the requirements security codes must meet, along with the prescribed use of authentication tools and methods.

Published by ICT Services, 6 July 2022