Security
Subscribe to this community
Information security management by suppl...
Particularly when we are buying ICT products and services, information from suppliers is likely to have an emphasis on technical security measures – we’ll get lots of information on encryption, compliance with data protecti...
Information security management, supplie...
Through the work done to gain ISO 27001 certification within Jisc we have had to explore, review, understand and improve how we deal with information security issues in products and services we obtain from suppliers. We must understand...
GDPR: Wifi access
Many, perhaps most, wifi access services want to perform some sort of authentication of people who use them (for those providing connectivity via Janet, it's a requirement of the Eligibility Policy). Since authentication involves s...
GDPR: Twelve Steps, Sorted
Although the Information Commissioner's "Twelve Steps to Prepare" is an exce...
Janet Wales service report June 2017
Service report for organisations in Wales connected to the Janet network via PSBA...
Janet North West Regional Delivery Servi...
Please find attached the North West region service report for the month of June 2017....
Janet Cumbria Regional Delivery Service ...
Please find attached the Cumbria area service report for the month of June 2017....
Janet London Regional Delivery Service R...
Please find attached the London region service report for the month of June 2017....
GDPR: Service Categories
Jisc provides a lot of different services: too many for us to look at each one from scratch before the General Data Protection Regulation comes into force next May. Instead, we've identified four different patterns that seem to cover the majority of services. We hope that having a common set of expectations for each pattern will simplify discussions with service managers, c...
GDPR: moving to Information Lifecycle Re...
[UPDATE: the Irish GDPR coalition have a nice infographic on information lifecycles under the GDPR]Anyone who has looked at an information security standard is likely to be familiar with the idea of an Information Asset Register. These cover the What and Where of information that an organisation relies on: what information do we hold, and where is it kept.Many of the requiremen...
GDPR: Web forms and consent
Looking at yet another of those web registration forms that seems to collect more data than required, it occurred to me that there might be quite a neat way to meet the General Data Protection Regulation's requirements for positive, recorded consent.First step, as with anything under the GDPR, it to think about which information is really necessary to provide the service, r...
Article 29 WP on Workplace Monitoring
The Article 29 Working Party has produced new guidance on data processing in the workplace, to account for the very significant changes that have occurred since their previous guidance in 2001. Although the focus is on "employee monitoring", it is likely to be relevant to other situations where an organisation has significant power over those who use its premises and ...
GDPR: 12 Steps Illustrated
I've been trying to produce a visual image to capture the twelve steps to GDPR complia...
Cybersecurity Posture Survey 2017 - Rese...
Research Findings from Jisc's Cybersecurity Posture Survey 2017....
GDPR: What's your justification?
[Updated to include an example where multiple justifications are appropriate]One of the key steps in preparing for the General Data Protection Regulation is to know why you are processing each set of personal data, and which of the six legal justifications applies: consent, contract, legal obligation, vital interest, public interest or legitimate interest. The Regulation signif...
Moving toward GDPR - online briefing 04....
What is the GDPR and what do I need to do?...
GDPR: Public Authorities and Legitimate ...
I was interested to spot that the Article 29 Working Party visited the question of "public authorities" back in 2014, on page 23 of their Opinion on Legitimate Interests. There they note that there are two possible interpreta...
Incident statistics for June 2017
These statistics only relate to information collated by Janet CSIRT and do not provide an accurate sample of security activity across the research and education sectors. The figures are frequently more closely correlated to the activit...
What's the data protection difference be...
[UPDATE] a slightly revised version of this post formed our response to the ICO consultation.The Information Commissioner's draft guidance on consent makes a surprisingly broad distinction between public and private sector organisa...
Incident statistics for April 2017
These statistics only relate to information collated by Janet CSIRT and do not provide an ...
Incident statistics for May 2017
These statistics only relate to information collated by Janet CSIRT and do not provide an ...
Using role-based e-mail addresses
An interesting query arrived about when to advertise role-based, rather than individual, e...
Latest activity
Service report for organisations in Kent connected to the Janet network via the KPSN
Service report for organisations in Wales connected to the Janet network via PSBA
Service report for organisations in Yorkshire Humberside connected to the Janet network.
Please find attached the Cumbria area service report for the month of June 2017.
Please find attached the North West region service report for the month of June 2017.
Please find attached the London region service report for the month of June 2017.
