Information security - topic specific policies for Information Security

Norsk versjon: Informasjonssikkerhet - retningslinjer

Policies for different areas of application

The objectives of the Policy for information security are achieved through active work within organizational, human and technical action areas. The management system for information security safeguards the identified action areas and who has different responsibilities within each of them, through clear policies. Many of these policies are of an IT technical nature, and are assigned to the Digital Security Section at NTNU as responsible for implementation. Other policies are more organizational and human-oriented, and deal with processes such as deviations, risk management and classification of information. All employees have a duty to participate.

All work on security culture and training will be in accordance with the internal requirements that the policies impose on managers and employees. The purpose is to make the management line better equipped to have an overview and control over their own information assets, and employees better able to safeguard the information security of these in their work processes and in their communication flow.

Topic specific policies for Information Security

The documents were approved by the Director of Organization and Infrastructure on 1 October 2025.

Policy for Access control

Policy for Classification of Information Assets

Policy for Cryptographic controls

Policy for Digital Incident Management and Disaster Recovery

Policy for Discrepancy Reporting and Discrepancy Processing in Information Security and Privacy

Policy for Vendor Information Security

Policy for network and information transfer

Policy for Operative Security

Policy for Risk management in information security

Policy for Securing Personal ICT Equipment

Policy for the processing of personal data

Contact information

Digital Security Section (security@ntnu.no)