This page provides links to the actual versioned and approved documents presented within this site.

Core Architectural Policies & Procedures

• EA-POL-001 – Enterprise Architecture Policy
• EA-POL-002 – Enterprise Architecture Waiver Policy
• EA-PRC-001 – Enterprise Architecture Governance Procedure
• Enterprise Architecture Principles
• EA Waiver Request Form
• Draft Enterprise Architecture Strategy

Roadmaps

• Enterprise Architecture Priorities Roadmap 2016

Enterprise Architecture Strategies

• IT Strategy 2016-2020
• EA-STR-003 – Enterprise Architecture Collaboration Strategy
• EA-STR-007 – Data Centre Strategy V1.1
• EA-STR-008 – In To The Cloud Strategy
• EA-STR-009 – Public Cloud Strategy – A High Level Approach [Working draft]

Enterprise Architecture Internal Procedures

• EA-PRC-004 – Enterprise Architecture Compliance Review Process

Enterprise Architecture Technical Policies

• EA-POL-003 – Acceptable Use Policy
• EA-POL-004 – Production, Testing and Development Systems Separation Policy [working draft]
• EA-POL-005 – Decommissioning Policy
• EA-POL-008 – Enterprise Architecture Policy – Provision of Commodity IT Capabilities
• EA-POL-009 – Enterprise Architecture Policy – Resilience
• EA-POL-010 – Enterprise Architecture Policy – Remote Access
• EA-POL-011 – Enterprise Architecture Policy – Authentication and Authorisation
• EA-POL-012 – Enterprise Architecture Policy – Data Transfer
• EA-POL-013 – Enterprise Architecture Policy – Business Intelligence Capability
• EA-POL-014 – Enterprise Architecture Policy – Hosting
• EA-POL-015 – Enterprise Architecture Policy – Encryption v1.1
  • EA-POL-015 – Encryption Policy (Abridged version)
• EA-POL-016 – Data Processing Policy
• EA-POL-017 – System and Service Investigation Policy
• EA-POL-017 – System and Service Investigation Policy [working draft]
• EA-POL-018 – System Monitoring and Logging Policy
• EA-POL-019 – Service Provisioning Policy [working draft]
• EA-POL-020 – Network Protection Policy [working draft]
• EA-POL-021 – Access Control Policy
• EA-POL-022 – Password Policy [working draft]
• EA-POL-023 – Account Management Policy
• EA-POL-024 – Bring Your Own Device (BYOD) Policy

Enterprise Information Management Policies

• EIM-POL-001 – Information Security Classification Policy (v1.1 published 19/01/2016)

Enterprise Information Management Guidelines

• EIM-GDL-001 – Using the Information Security Classification – Guidance for staff v1.0
• EIM-GDL-002 – Information Security Classification Abridged Version
• OneDrive for Business Guidelines for Use (On libguides site)

Security Policies

Information Security Policies

• • EA-ISP-001 – Information Security Policy (v2.41 published 26/06/15)
  • EA-ISP-002 – Business Continuity Management and Planning Policy (v1.1 draft version 06/03/17)
  • EA-ISP-003 – Compliance Policy (v1.1 published 06/03/15)
  • EA-ISP-004 – Outsourcing and Third Party Access Policy (v1.1 published 06/03/15)
  • EA-ISP-005 – Personnel IT Policy (v1.0 published 17/02/15)
  • EA-ISP-006 – Operations Policy (v1.0 published 13/03/15)
  • EA-ISP-007 – Information Handling Policy (v1.03 published 01/04/15)
  • EA-ISP-008 – User Management Policy (v1.03 published 01/04/15)
  • EA-ISP-009 – Use of Computers (v1.01 published 29/06/15)
  • EA-ISP-010 – Architecture Service Planning Policy (v1.0 published 26/06/15)
  • EA-ISP-011 – System Management Policy (v1.0 published 13/03/15)
  • EA-ISP-012 – Network Management Policy (v1.0 published 01/04/2015)
  • EA-ISP-013 – Software Management Policy (v1.0 published 13/03/15)
  • EA-ISP-014 – Secure Working Policy (v2.0 published 26/06/15)
  • EA-ISP-016 – Cryptography Policy (v1.0 published 13/03/15)

• SEC-POL-001 – Patching Policy
• SEC-POL-002 – Server Naming Policy  (requires University account to access)
• SEC-POL-003 – Payment Card Security Policy
• SEC-POL-004 – Privileged Administrative Accounts
• SEC-POL-005 – Security Incident Response Policy
• SEC-POL-006 – Use of Removable Media Policy
• SEC-POL-007 – Discretionary Membership Policy
• SEC-POL-008 – Network Security – Access Control Policy
• SEC-POL-009 – Vulnerability and Penetration Testing Policy
• SEC-POL-010 – Web Filtering Policy
• SEC-POL-011 – Anti-Malware Software Policy
• SEC-POL-012 – Security Incident Communication Policy
• SEC-POL-013 – Account Lockout Policy
• SEC-POL-014 – Anti-Spoofing Policy

Security Procedures

• SEC-PRC-003 – University Account Access Procedure  (requires University account to access)
• SEC-PRC-006 – Privileged Account Password Change Procedure

Security Guidelines

• SEC-GDL-001 – Secure Online Browsing Guidelines
• SEC-GDL-002 – Secure Connection to PlymNet (on Self Help Site)
  • SEC-GDL-002-1 – Windows – refer to above page for details
  • SEC-GDL-002-2 – Mac – refer to above page for details
• SEC-GDL-003 – University Account Passwords
• SEC-GDL-004 – University Account Access  (requires a University account to access)
• SEC-GDL-005 – Anatomy of a Phishing Email
• SEC-GDL-006 – Mobile Computing Guidelines
• SEC-GDL-007 – Document Encryption
• SEC-GDL-008 – Email Header Information
• SEC-GDL-009 – Encrypting Personal Computers:
  • SEC-GDL-009-M10 – Mac OS Encryption
  • SEC-GDL-009-W7 – Windows 7 Guidelines
  • SEC-GDL-009-W10 – Windows 10 Guidelines
• SEC-GDL-010 – Removing Incorrect Addresses in Outlook
• SEC-GDL-011 – Secure Deletion Guidelines (restricted access currently)
• SEC-GDL-019 – Password Managers
• SEC-GDL-020 – Password Protecting Screen Saver Guidelines

Security Information

• SEC-INF-001 – Removal of Security Protocol – TLS 1 (draft)
• SEC-INF-002 – Compromised Account