IS Toolkit

This information security toolkit ('the Toolkit') is targeted at specific user groups (e.g. IT staff, administrative staff) and advises you on best practice, and guidelines on a range of possible solutions to technical issues.

The Toolkit focuses on the areas below, each section sets out the recommended best practices mentioned in the IS Policy:

Managing the Unit's Information Security         Risk Assessment

Incident Response

      Data Protection  

Mobile Security, Smartphones, Tablets          Cloud Security   

Email          Encryption          Network Security

Systems Security         Physical Security          Tools

The Toolkit supports you to implement the University's Information Security Policy ('the Policy'). The Policy is in place to reduce the risks to the University of Oxford arising from security failures and to ensure it is better placed to meet its legal obligations, including those relating to personal data under the Data Protection Act (DPA).

The Toolkit is an on-going project and will be updated online by the Information Security team (InfoSec) team regularly, as technologies, threats and vulnerabilities change. The team gratefully acknowledge the contribution of staff from across the University who have reviewed all sections of this Toolkit as it has been drafted. Please contact with your feedback.

Must / Should / May

Throughout this Toolkit we use the words "must" or "should" or "may" to indicate the level of requirement:

  • MUST: "MUST" or "REQUIRED" or "SHALL" mean that the item is an absolute requirement of the Policy
  • SHOULD: "SHOULD" or "RECOMMEND" mean that there may exist valid reasons in particular circumstances to ignore a particular item in this Toolkit, but the full implications must be understood and carefully considered before choosing a different course
  • MAY: "MAY" or "OPTIONAL" mean that an item is truly discretionary



The Information Security Toolkit by the University of Oxford Information Security team, is licensed as Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0) Permissions beyond the scope of this license may be available at