Procedures for secure Information management

The following procedures are based on the university's guidelines for security and safety at Uppsala University (UFV 2009/1929), guidelines regarding IT (UFV 2016/896) as well as the Swedish Civil Contingency Agency’s regulations on information security for governmental authorities (MSBFS 2020:6).

The procedures have been established for the purpose of

• Ensuring that all handling of information meets the university's requirements for adequate information security.
• Providing advice and support to individual employees and heads of departments or equivalent when considering using cloud services.
• Demonstrating the importance of carrying out information classifications and requirement analysis in all activities where information is handled.

The university’s work with information security is conducted in accordance with the Swedish Civil Contingency Agency’s regulations on information security for governmental authorities (MSBFS 2020:6) and the Swedish standards SS-ISO / IEC 27001 and SS-EN ISO / IEC 27002. The standards mentioned form the basis of the university's guidelines for information security as well as the materials and documents created for the implementation of information classification and requirement analysis. In many cases, information management is affected by legal aspects as well. However, the scope of this document is limited to the security aspects of information management.