Summary of stated purpose
The UCISA Information Security Toolkit is intended to support UK Higher and Further Education institutions in producing Information Security policies to address (and to demonstrate that they are addressing) threats to the confidentiality, integrity and availability of information systems for which they are responsible, and to help meet audit requirements.
It has been constructed as an aid to organisations wishing to put in place a basic information security policy framework. It can be used to develop organisational policies which can then be implemented over a period of time.
Output types
Qualitative
It focuses on functions that have information security implications and provides guidance on how to develop policies around these, grouped into organisational policies (e.g. information security, business continuity, compliance); policies about the use of information and information systems (e.g. information handling, user management); and optional policies (e.g. mobile computing).
Supporting evidence
The sections draw heavily on British Standard BS 7799, not least by adopting its structure for control objectives and controls. A survey of institutions in May 2011 identified information security policies in use or development in 18 HEIs: http://www.ucisa.ac.uk/en/members/activities/ist/samples.aspx