The implementation of Information Security and Data Management (ISDM) Policy is a 30-month University-wide campaign which started in March 2017. It aims at bringing up the level of maturity in both information security and data management within the University.
As reported in an earlier issue of ITS News, phase 1 of the ISDM Policy Implementation on “Building Foundation” has been successfully completed during the period March - August 2017.
We are now in Phase 2 on “Bridge Gap” which is scheduled for September 2017 to August 2018.
The first line of data management is at all departments. The focus of Phase 2 is to Bridge Gap from the varied maturity levels in departments towards the goal of understanding the ISDM Policy and start implementing the measures that would be compliant to the Policy. The activities of Phase 2 that ITS is focusing on include:
- conducting trainings to HKU staff
- providing guidance to faculties/departments/schools/centres/offices/work units
- executing improvement plans
Below highlights the encouraging progress achieved under Phase 2:
Almost all departments have nominated their ISDM Coordinators and Data Stewards.
ITS has arranged the following tasks to facilitate departments in protecting their data:
- Designed a Departmental Data Asset Inventory Template (an Excel file) for departments to compile and record the inventory of the important departmental data assets.
- Studied and identified an Information Rights Management (IRM) tool called AIP (Azure Information Protection, a Microsoft Azure product) that can help us in protecting the creation and transmission of confidential and restricted documents.
To facilitate departments in storing their documents in compliance with the requirements of the ISDM Policy, ITS has set up a storage infrastructure called the DDAS (Departmental Data Asset Storage) and run 8 training courses to share the knowhow with departments on how to use/administer it. Every department can apply for a provision of compartment in DDAS and over 80 departments have already applied for it. For inquiries in the use of DDAS, please contact email@example.com.
Knowledge is power. We appreciate very much the active participation of departmental representatives in our trainings and workshops that have been very well received. ITS has held a total of 36 training sessions covering the following topics with 1,544 colleagues attended. The awareness, understanding and practice to implement the Policy is being built up.
The training themes that have been covered in the previous sessions include:
- ISDM Basics
- Data Classification and Data Asset Inventory
- Information Rights Management & AIP
- DDAS Fundamental
- DDAS Administration
- Information Security: Misconceptions and commonly overlooked issues
We will continue to conduct more training sessions and workshops in the coming months to cover the above and more new topics. We will keep departmental ISDM Coordinators informed of the schedule which will also be posted up on www.isdm.hku.hk. Please visit this web site to stay tuned with the latest information about the ISDM Policy Implementation.
Convenor, ISDM Working Group
Tel: 3921 2403