“Universities handle a great deal of sensitive data. Which is exactly why information security is highly relevant to them,” Professor Dr Peter-André Alt, President of the German Rectors' Conference (HRK) told the press today in Berlin. “This type of data material is particularly generated in research, in the course of managing student data and when collaborating with industry. However, the protection of this data must also be designed in such a way that the freedom to research and teach and the all-important academic exchange are not disrupted.”
Yesterday, the HRK General Assembly in Lüneburg endorsed a paper on the issue, which contains guidelines for middle management in addition to recommendations for university leadership. “This demonstrates the importance we attach to the topic,” explained HRK Vice-President for Digital Infrastructures Professor Dr Monika Gross, under whose guidance the paper was prepared. “Universities are especially vulnerable, mainly due to their global collaborations, the high number of projects that are conducted largely autonomously and the high level of staff turnover. This is why university leadership must consider information security to be a constant challenge. Middle management must establish strategies in line with their particular needs on a sustained basis. Last but not least, the necessary resources must be provided as part of government funding and also via project funding.”
The HRK paper emphasises that information security cannot be viewed as merely IT security. The definition of protection objectives and risk assessment cannot be left to operational IT service providers. As the paper points out, it is the responsibility of the university itself in the eyes of the law. The guidelines do not attempt to outline a – possibly universal – model, but instead describe processes such as measures for heightening awareness, suggestions for the classification of data and the development of data management plans.
Text of the recommendation
