The University of Cambridge maintains a comprehensive framework of IT policies to safeguard our community against evolving cyber threats, such as data breaches and ransomware. These policies ensure that all members of the University understand their responsibilities in maintaining a secure, resilient digital environment.

Compliance with these policies is essential to protect personal data, maintain research integrity, and ensure the continued availability of university services.

 

Acceptable Use Policy

The University of Cambridge Acceptable Use Policy (AUP) outlines the security standards and responsibilities for all users of University IT systems. Designed to protect against cyber threats like ransomware and data theft, it details essential requirements such as multi-factor authentication, mandatory security training, and proper data management, alongside a timeline for institutional compliance. All members of staff and students should be familiar with this policy.

 

Systems Management Policy

The Systems Management Policy (SMP) establishes the security framework for multi-user computer systems across the University. Directed at system administrators, user account managers, owners and managers of research IT systems and heads of institutions or their deputies, the policy focuses on securing shared infrastructure against cyber threats. It mandates specific technical standards, supported by the implementation of the Tanium compliance monitoring tool.

This policy is currently in a transition period with expected implementation across the University on 1 April 2026.