Protecting information created, received and shared by staff and students across the University
The Information Security team is responsible for the development, operation and continuous improvement of information security across the University ensuring the availability, confidentiality and integrity of its information.
We define information security policies and procedures, advise on secure IT arrangements, provide training and practical advice that the University can use to meet business requirements while maintaining security. We are responsible for information security risk management and compliance, and the monitoring of IT systems to prevent and detect attacks.
We work closely with the University's other Information Governance functions, supporting the Legal team with Data Protection compliance and contract reviews, and supporting the Records Management team with aspects of information asset management. We support the University's SIRO (Senior Information Risk Owner), IAOs (Information Asset Owners) and IAMs (Information Asset Managers) in overseeing and promoting the effective management of University information to meet operational and legal requirements, and ensuring that the confidentiality, integrity and availability of University controlled information is maintained at all times.
An information security incident is:
All users who access, use or manage University information are responsible for reporting information security incidents.
This includes concerns about the security of an IT account, computer or University IT service, as well as loss or disclosure of paper information, or weaknesses in a business process.
If you are aware of, or suspect, an information security incident is taking or has taken place, please report it by clicking the button below. Please provide as much detail as you can about the incident.
Manchester Metropolitan University are committed to maintaining and continously improving the security of our systems. We value the assistance of security researchers and others in the security commuinity to assist in keeping our systems secure.
If you have discovered a security vulnerability that falls within the mmu.ac.uk domain name and all subdomains of mmu.ac.uk or any systems in use by the University, please email firstname.lastname@example.org and include:
We ask that:
In response to any responsible disclosure, we will ensure that:
Please treat any information associated with University systems, staff or students that you may have acquired or that you have otherwise become aware of that is not publically available, in a confidential manner. Please do not share it with anyone other than emailing it to email@example.com as part of your responsible disclosure.
For any information security advice or to report an information security incident please contact the Information Security team. Email: firstname.lastname@example.org