Information Management Glossary of Terms
This glossary provides definitions for terms related to information management activities and functions, both generally and within the context of the University of Warwick. As a result, there may be alternative definitions for some of these terms if considered from a different context (e.g. archiving from an IM perspective vs. the computer science view).
This is a living document which will be added to over time.
Date last reviewed/updated: 28/08/24.
B (no definitions) | G (no definitions) | H (no definitions) | K (no definitions) | N (no definitions) | Q (no definitions) | W (no definitions) | X (no definitions) | Y (no definitions) | Z (no definitions)
A
- Active Directory (AD)
A live directory running on a Microsoft Windows server. It stores account login data and information for administrators to manage permissions and network resource access.
C
- Chief Information & Transformation Officer (CITO)
The CITO is the role that oversees and supports the Information Management agenda within the University of Warwick. The role holds responsibility for the strategic management and ongoing development of all areas and aspects of information management at the University. This includes ensuring the effective implementation, monitoring of compliance, and reviewing and managing all information management policies.
- Classification
Classification of information assets is necessary to ensure that they are appropriately handled and protected to reduce the risk of information breaches and disclosures. The University of Warwick has defined three levels of classification: Public, Protected and Restricted, which broadly map to the UK Government Security Classifications.
- Computing Device
Within the context of the University of Warwick, computing device has been defined as all types of device, including desktop and laptop computers, all forms of tablet, all types of mobile devices, all servers, and all other standard devices with the capability to access University systems, whether University managed, University registered, or personal.
D
- Data Anonymisation
Data anonymisation refers to the process where personal data is permanently changed so that a data subject (the person the data refers to) can no longer be identified. This is different from Data Pseudonymisation where reidentification is possible by applying the key. Data anonymisation normally involves one or more techniques such as stripping or encrypting the data to remove the personal identifiers. If the data is truly anonymised and it is therefore impossible to identify individuals, then the data falls outside the scope of GDPR and therefore has fewer restrictions on use.
- Data Bearing Item (DBI)
A data bearing item is any device that has, or has the potential of, University of Warwick data stored on it. Data bearing items or devices are particularly significant when it comes to disposal. It is essential that any data bearing item or device is disposed of according to a set procedure to ensure that the associated data is also securely managed.
- Data Breach
Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data during any form of processing including transmission, storage, usage, etc.
- Data Minimisation
Data minimisation means that data collection and processing is limited to what is necessary and that we do not hold more than needed in order to comply with the DPA2018 and GDPR. The University will only collect and process personal data and information needed for specified and stated purposes. It will have only sufficient personal data to fulfil those purposes and will periodically review the data it holds, deleting anything that it no longer needs.
- Data Protection Impact Assessment (DPIA)
A Data Protection Impact Assessment (DPIA) is a process to help identify and minimise the data protection risks involved in projects, processes and activities involving the processing of personal data. DPIAs are required for processing likely to result in high risk to the individuals and their personal data, and where new technologies are involved. In practice, the University requires a DPIA for any projects or processes involving the use of personal data, including new systems, solutions and some research studies.
- Data Protection Officer (DPO)
The DPO has responsibility for informing and advising the University (where it acts as a controller or processor of personal data) of its data protection obligations under the law and to monitor University compliance with the law and with this and any related policies.
- Data Pseudonymisation
Data pseudonymisation is a de-identification process where personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. It is a reversible process that de-identifies data but allows reidentification later if necessary. This is different from data anonymisation where the data is permanently changed. Data pseudonymisation is a significant process under UK GDPR as it reduces the risk of exposing personal data to unauthorised parties.
- Digital by Default
‘Digital by Default’ means making and having information and services available online in a manner that is easily accessible and therefore a natural way for staff to work. For the University of Warwick, the goal is to have all new information assets created and managed digitally, all existing digital assets managed appropriately, and all paper assets converted to and managed as a digital format. The underlying principle is that all files and documents should be ‘born digital’ or ‘made digital’ unless there is a reason not to.
- Digital Continuity
Digital continuity is the ability to use digital information in the way that you need, for as long as you need. Digital continuity is about making sure that your information is complete, available, and therefore usable for your business needs. Your information is usable if you can: find it when you need it, open it as you need it, work with it in the way you need to, understand what it is and what it is about, trust that it is what it says it is.
- Digital Service change
Requests for changes to IT systems or investigating new systems required for services at Warwick can be directed through the Strategic Change Team.
- Digital Strategy Group (DSG)
A university group that has been established to promote collaboration across University departments on all matters relating to information management, digital strategy, and technology change. The group has representation from a significant number of university departments and is chaired by the Director for Digital Strategy & Transformation.
- Digitisation
Digitisation is the process of converting information in a physical format into a digital form that can be processed by a computer. Scanning paper records is a common example of digitisation.
- Documents
ISO9000 defines a document as “information and its supporting medium”, so it can include a wide range of both hard copy and digital formats and is not simply limited to written information. Documents can be created in many formats, including (but not limited to):
  - Letters (digital and hardcopy)
  - Policies and guidance
  - Reports
  - Presentations
  - Photographs
  - Emails
  - Meeting papers and minutes
  - Contracts
  - Official communications
  - Audio recordings
- Domain Name System (DNS)
A DNS server is a server that manages the domain name system or DNS protocols, matching Internet domain names and IP addresses. The DNS server may also manage domain resolution services. In the traditional client/server Internet model, DNS servers are built on specific hardware, and run specialized DNS software to accomplish these goals.
E
- Encryption
Encryption is the process of encoding (or scrambling) information so that it is unreadable and can only be converted back to its original form (decrypted) by someone who (or something which) possesses the correct decoding key. Encryption is a critical element in the storage, movement, and transmission of ‘Protected’ and ‘Restricted’ information as it protects against the risk of interception.
F
- Firewall
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. It sits between a computer (or local network) and another network (such as the Internet), controlling the incoming and outgoing network traffic.
I
- ICO (Information Commissioner’s Office)
The ICO is the UK’s independent body set up to uphold information rights. It is an executive non-departmental public body sponsored by the Department for Digital, Culture, Media & Sport. Its primary function is to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO has both an advisory and enforcement role: providing guidance to organisations in the handling and management of both personal data and public information, making advice available to individuals on their rights, and retaining regulatory and audit powers to assess and fine organisations if necessary.
- Identity Management Team (IDM)
Management of the systems and processes that provide identity services to the University.
- Information
Information is generally defined as “knowledge or facts about someone or something” and “the communication or reception of knowledge or intelligence”. It can exist in many different formats, but it must have meaning in some context for its receiver. It includes paper-based documents, electronic documents, images, video footage, social media content, statistical or research data, and metadata (being data that are derived from or associated with other data and which describe the characteristics of such data).
- Information and Digital Group (IDG)
- Information and Records Management
The function responsible at the University for advice on the efficient and systematic control of the creation, receipt, maintenance, use and disposition of information and records, including processes for capturing and maintaining evidence of and information about business activities and transactions.
- Information Asset
An information asset is a body of information or knowledge that is organised, defined and managed as a single unit. Information assets should be defined at a level of granularity that allows their constituent parts to be managed as a single entity. These single entities (i.e. Information Assets) will have a recognisable value, associated risks, a specific and understandable content and a definable lifecycle.
- Information Asset Administrator (IAA)
Providing support to the IAO, the IAA is the individual or one of a number who uses the information asset on a day-to-day basis. They will generally be more familiar than the IAO with the information, any systems and any risks in their area.
- Information Asset Owner (IAO)
An IAO is an individual within an organisation who has been given formal responsibility for the security of an asset (or assets) in their work area. They are responsible for the maintenance of the confidentiality of that asset, ensuring that access to the asset is controlled and that the information is securely kept. They provide assurance that any risks to the information asset are managed effectively. IAOs are directly accountable to the CIDO for these activities.
- Information Management Profile
An information management profile is a user specific record that sets out that user’s specific digital working environment. It sets such things as display settings, application settings, network connections, licenses, systems access and data access restrictions.
- Information Risk and Compliance Team
Team within IDG that reports to the CISO and has within its remit operational responsibility for advising on adherence to the Information Management Policy Framework and its supporting Standards and SOPs as well as other regulatory requirements. The team manages compliance, risk and training in relation to Information Security.
- Information Security
The purpose of information security is to protect and preserve the confidentiality, integrity, and availability of information. It may also involve protecting and preserving the authenticity and reliability of information and ensuring that entities can be held accountable. It focuses on the three key elements of: technical security, physical security and personal security.
- Information Security Operations (InfoSecOps)
Team responsible for the implementation and monitoring of technical information security controls at the University.
- Information Security Operations Team
Team within IDG that reports to CISO and has within its remit responsibility for the implementation and monitoring of technical information security controls at the University which promote adherence to the Information Management Policy Framework and its supporting Standards and SOPs.
- Intrusion Prevention System (IPS)
A method of inspecting network traffic that is processed by a Firewall which looks for patterns that might present a risk to the network infrastructure. The IPS will then seek to either actively block or reject the relevant network traffic from being processed. An ‘Intrusion Detection System’ is a similar system but does not actively block or reject traffic based on any results.
J
- JANET (Joint Academic NETwork)
JANET is an electronic communications network set up for the use of UK education and research institutions. It is the main backbone network for the UK university system of academic and research computers. JANET is operated by UKERNA (UK Education & Research Networking Association) under contract from JISC (Joint Information Systems Committee) of the UK Higher Education Funding Councils. Any IT activity which uses JANET as a method of connectivity beyond the University campus network is governed by JANET’s Acceptable Use and Security Policies.
L
- Legal Admissibility
Legal admissibility is a concept that means information is of a suitable status to be used in judicial proceedings. Within an information management context this is relevant in terms of both the information content and how it has been managed. Legal admissibility requires information management processes to be in place, clearly defined and consistently applied, to ensure that any information can be ‘guaranteed’ to be what it seems to be. It is of particular importance when converting hardcopy information to a digital format. Can it be guaranteed that the digital version is a true representation of the original?
- Lifecycle
In the context of information management, the information lifecycle relates to the natural process information goes through from creation (or acquisition) through to eventual archiving or destruction (or deletion). There are a number of stages in this process including creation, organisation, usage, storage and transformation. Throughout all of these stages, information needs to be managed appropriately to ensure that it maintains its integrity, value and accessibility.
M
- Metadata
Data describing context, content and structure of records and their management through time. Metadata is sometimes referred to as ‘data about data’. There are different types of metadata (e.g. structural, descriptive, administrative, statistical). Some examples include: time and date of creation, description of the record, creator or author of the record.
- Mobile Computing Device
Mobile computing devices are a subset of computing devices. Mobile devices are defined as a portable computing or telecommunications device which can be used to store or process information. Examples include laptops, netbooks, smartphones, tablets, USB sticks, external or removable disc drives, flash/memory cards and wearable devices.
O
- Obsolete Information
Obsolete information can mean ‘no longer in general use’ or ‘discarded’ or ‘replaced’ or ‘outdated’. Information can become obsolete for all these reasons or it can simply be incorrect or incomplete. In all these instances, obsolete information can create confusion as well as actions or outcomes based on bad information.
- Optical Character Recognition (OCR)
OCR is the process of translating images of handwritten, typewritten or printed text, usually captured by a scanner, into machine-readable and editable text.
- Organisational and Service Design
Support in making changes to services by helping build teams and new functions and make changes to operating models, provided through the Strategic Change Team.
P
- Patching / Patches
Patching is the process of applying updates (patches) from software developers, hardware suppliers and vendors, to either enhance functionality or to improve security. Patch management is one of the most important activities that can be done to mitigate any vulnerabilities in and protect the University of Warwick IT systems.
- Personal Data
Personal data constitutes any information relating to an identified or identifiable living individual, normally called the ‘data subject’. Personal data is of particular relevance for adhering to GDPR and Data Protection requirements.
- Personally Identifiable Information (PII)
Personally identifiable information is information that can identify an individual, either directly (e.g. alone) or indirectly (e.g. when amalgamated with other information). This is a term that applies more widely in the US but does link to the definition of personal data more commonly used in the UK. What is PII and What is Personal Data?
- Processing
Under the GDPR, processing means any activity which is performed on personal data whether by automated means or other. This broad definition includes activities such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Public by Default
"Public by default" is the starting point for any information, documents and files saved on any University system. Starting point means that in general, all information and communications systems, and all the files and objects that we use within them, should start as open to all individuals.
R
- Records
The definition of a record used in Warwick’s Information and Records Management Policy is taken from ‘BS ISO 15489-1:2016 Information and documentation — Records management’ and defines records as ‘information created, received and maintained as evidence and as an asset by an organization or person, in pursuit of legal obligations or in the transaction of business’. Records, regardless of form or structure, should possess the characteristics of authenticity, reliability, integrity and usability to be considered authoritative evidence of business events or transactions and to fully meet the requirements of the business.
- Redundant Information
Redundant information exists when it is duplicated in different places and versions, whether in the same system or across multiple systems. This can create issues with multiple versions and confusion about which is the 'right' one. A key step in managing ROT (redundant, obsolete and trivial information) is to define a 'Single Point of Truth' (SPOT) for each type of information. For example, sending a link to a document enables a single copy to be viewed (and edited, if required) by multiple recipients, without the creation of duplicates which then exist independently of the original document.
- Registered File
Information that is held on a paper file that is given a unique identifier (e.g. reference number or has other unique metadata that aids its identification). The unique identifier is captured on a register (e.g. index/catalogue) that is maintained by the business unit that is responsible for the asset in order to aid its efficient retrieval from a storage facility and the control of its other lifecycle events (e.g. disposition or transfer to an Archives).
- Risk
Organisational risk is any issue or activity that has a potential to affect the financial or strategic situation of an organisation; the effect of uncertainty on objectives. The aim is not to be stifled by risk but to manage it. The University of Warwick’s approach to risk and risk management is set out in the Governance section of UoW Governance: Risk Management.
S
- Self Service Password Reset (SSPR)
Allows users who have either forgotten their password or triggered an intruder lockout to reset their password using another system and resolve their issues without support (e.g. ServiceDesk).
- Senior Information Risk Owner (SIRO)
This is a member of senior management who has overall responsibility for managing organisational information risk and ensuring appropriate assurance mechanisms exist. Any information related risks identified by IAOs should be entered onto the relevant departmental risk register to enable significant information risks to be reviewed by the SIRO. At the University of Warwick, the SIRO is the Chief Information and Transformation Officer (CITO).
- Sensitive data / information
Within the University of Warwick, sensitive data is anything that has been classified as ‘Protected’ or ‘Restricted’. This can be a wide range of information including both personal and non-personal data such as research data, business information and financial data. In terms of personal data, according to the GDPR, sensitive data includes the following personal data, known as ‘special category’ data:
  - racial or ethnic origin
  - political opinions
  - religious or philosophical beliefs
  - trade union membership
  - genetic data
  - biometric data for the purpose of uniquely identifying a natural person
  - data concerning health, or
  - data concerning a natural person’s sex life or sexual orientation.
There are restrictions on how and when sensitive data can be processed which are defined by their classification level.
- Software Management
Software management is defined as any procurement, development, installation, regulation, maintenance or removal of software that takes place on computers owned by, managed by or for the University.
- Standard Operating Procedure (SOP)
Standard operating procedures are a set of instructions to help staff carry out routine activities. They underpin a culture of quality services and products. A SOP ensures that the relevant process or activity is carried out in the same manner, ensuring the same steps are taken, in every instance that the process or activity is carried out. The aim is to have a consistent output with a near consistent use of resources.
- Strategic Change Management
Support in launching and embedding change can be requested through the Strategic Change Team.
- Strategic Change management - continuous improvement
Support to evaluate transformation projects against their planned benefits and to further embed changes can be requested via the Strategic Change Team.
- Strategic Change Service Review
Support in providing an independent review of services and then support in introducing key service changes can be requested through the Strategic Change Team.
- Strategic Change Team
The Strategic Change team is the central service to drive, deliver and evaluate change at Warwick (digital and non-digital) in line with the University Strategy.
T
- Trivial Information
Trivial information is the material we create in our daily activities that does not meet the standards of a 'record' (meaning evidence of an activity with enduring business or historical research value and managed in line with the University Records Retention Schedule). Trivial information is the material that does not matter and should be deleted when it is no longer needed.
U
- University Managed Device
A University Managed Device is any computing device that has been purchased by the University and is managed centrally by the ITS team. The ITS team will provide the software and security installation and updates for the user.
- University Owned Device
A University Owned Device is any computing device that has been purchased by the University of Warwick and is recorded on the asset / inventory register. University owned devices may or may not be managed by the central ITS team. If it is unmanaged then the individual is responsible for ensuring the security setup and updates are managed.
V
- Virtual Private Network (VPN)
A VPN is a method of connecting two networks together via an encrypted tunnel over a public or ‘untrusted’ network. The University VPN should be used by anyone connecting to the University network via public Wi-Fi.
- Vital Records
Vital records are records which are essential to the University in order to continue with its business-critical functions both during, and after a disaster. They often need extra consideration in terms of their identification, accessibility and protection to ensure that they are available in all circumstances.