IT Directorate

1. Purpose

This IT Security Policy outlines the measures required to protect the confidentiality, integrity, and availability of university information systems, networks, and data against unauthorized access, misuse, or damage.

2. Scope

This policy applies to all students, staff, faculty, contractors, and external partners who access or use university IT systems, whether on-campus or remotely.

3. Security Responsibilities

• All users must protect their credentials and not share passwords.
• Devices must have updated antivirus and security patches.
• Report any suspicious activities, phishing emails, or data breaches immediately to the IT Directorate.

4. Data Protection

• Sensitive university data must be stored on approved servers or encrypted storage devices.
• Access to confidential information is granted only as necessary for academic or operational purposes.
• Data must not be transferred to personal cloud storage or external devices without authorization.

5. Network Security

• Users must not attempt to bypass network security controls, firewalls, or monitoring tools.
• Only authorized devices may connect to the campus LAN or Wi-Fi networks.
• VPN must be used for secure remote access.

6. Incident Response

• All security incidents must be reported immediately to the IT helpdesk.
• The IT Directorate will investigate, contain, and resolve security breaches promptly.
• Users must cooperate during investigations, including providing device access if required.

7. Compliance and Enforcement

Violations of this policy may result in disciplinary actions, access restrictions, or legal consequences, in accordance with university regulations and applicable laws.