Terms you have to know
- Familiarize yourself with the Information Security Management System (LSIS)
- Personal data vs. sensitive data
- Know the difference between storing personal data and processing personal data
- The same demands are made of both storing and processing. The regulations say that you must both store and process the same place. Storing and processing different places is not allowed.
- All discrepancies must be reported.
The manager responsibilities
Managers must
- make sure that their employees are familiar with the issues surrounding information security and that they are properly trained in routines and regulations
- be able to catch, receive and report discrepanices
- report significant changes in the processing of personal data or the use of systems or services supporten the activities of their employees
- assist in annual internal audits and on-site inspections carried out by employees of the IT director's staff
About IT systems
Managers must
- be aware of what types of data is processed in the IT systems used where you are the manager
- make sure that local IT is familiar with your IT systems
- familiarize yourself with the part of LSIS pertaining classification of information
- be aware of which IT systems contain personal and/or sensitive data
- make sure that data and documents are only processed in the IT systems meant for processing them. There are to be no data or documents processed in shadow systems that are not properly operated.
About exchanging data
Managers must
- pay special attention to exchanging of data
- only use e-mail for documents that are allowed to be sent via e-mail , according to the IT regulations at UiO
- pay special attention when data is being fetched from IT systems, for example for local work stations or laptops
Other
You must
- pay special attention to the IT travel regulations
- be sure that your unit is following the routines made for hiring, quitting and making changing to work tasks.