Metropolia’s Information Security Policy
The summary of the policy
Metropolia’s information security policy is a continuously maintained and updated framework that includes a streamlined policy based on the core needs of the university (as outlined in this document), accompanied by associated guidelines and diagrams. In information security management, the responsibility as well as commitment of senior management are highlighted. It is crucial for the leadership to have a clear awareness of the role of security for the university’s vital functions, while simultaneously ensuring that the adopted IT strategy is sufficiently business oriented as per the needs of the university. Students, staff, partners, and stakeholders are accountable for compliance with the security rules. Additionally, every student and staff member must report any observed security risks, deviations, or hazardous situations, such as serious security incidents, to their supervisor or the IT Services. When public communication is needed, it is decided by Metropolia’s Management Group in cooperations with the Communication and Marketing department. Internal communication in respect of information security is managed by the IT Services. An IT violation is considered any action that breaks Metropolia’s rules regarding the use of ICT services, security principles, or any activity that is contrary to Finnish laws. Within the IT Services, the security-related principles and guidelines are reviewed yearly.