Information Security


What We Do

The wealth of valuable research data and masses of personal information that the University holds makes it a prime target for external attacks, online fraud and information theft. In recent years, there has been a huge expansion in the number of systems on the University network and the sophistication and number of threats has increased significantly. That is why effective information security is absolutely vital.

The Information Security Team is made up of the Governance, Risk and Compliance Team (GRC) and the Oxford Computer Emergency Response Team (OxCERT). We provide the tools, guidance and support for divisions, departments and colleges to implement effective local arrangements and adequately manage information security risk. We also monitor networks and systems to prevent and respond to external attacks.

The Governance, Risk and Compliance Team

GRC helps divisions, departments and faculties to understand and manage their own information security risks in line with University policy. Our mission statement goes like this:

  • We define and keep the University information security policy framework up to date and fit for purpose, and support divisions, departments and colleges to implement it.
  • We run the online information security awareness module and other tailored training activities upon request.
  • We're responsible for the University’s information security risk management process, supporting departments and faculties with tools, templates and consultancy to manage information security risks associated with their IT, projects and third-party agreements.
  • We work with IT support officers across the University to ensure their IT security control environments are robust.
  • We work with colleagues to identify regulatory and legislative requirements, and ensure their policy and control arrangements adequately meet them.
  • We operate the information security compliance programme to meet University and external requirements, and provide assurance to stakeholders.

Oxford Computer Emergency Response Team

OxCERT is responsible for monitoring network activity and essentially stopping the bad guys getting at our data:

  • We monitor networks across the University to identify risks and issues, and support effective network management.
  • We respond to and manage technical threats ('vulnerability management', in the jargon), working with IT support officers where appropriate.
  • We're in charge of the process for managing information security incidents, liaising with local officers and central functions (e.g. Data Protection and Legal Services) where appropriate.
  • We investigate suspicious activity and compromised systems to solve issues promptly and make sure lessons are learned.

Contact OxCERT

If you have a query or want advice about any information security issue, contact us here or send an email to GRC at:

Please report any IT security-related incidents at the University via OxCERT's online incident form. To get in touch with OxCERT directly:

Find out more