Woman at a laptop

Information security is everyone’s business. All information has a value, irrespective of personal, sensitive or financial data; the consequences of not looking after it could have serious implications to the organisation you work for or to you personally.

The management of information security is founded on the CIA triad, confidentiality, integrity and availability. The definitions are defined in Protect your data. Depending on the classification of the data, the emphasis on each element of the triad would differ. See the bottom of this page for the University's information security classification policy.


Your passport is one of the most valuable documents an individual could own. In the wrong hands, it would give an attacker the ability to impersonate you. You could lose money, damage your credit rating and reputation, and in an extreme example, your house. It is the centre piece. 

  • Confidentiality - although your passport doesn't contain a huge amount of information about you, it contains enough to be able to aid an attacker in gathering information about you, which can lead to malicious attacks. This document therefore should be stored in a secure location when it is not required for use.
  • Integrity - the integrity of your passport is the most important of the three as this covers the accuracy and trustworthiness of the data. If the integrity of your passport is damaged or defaced, it will make it void and the document will become useless.

  • Availability - depending on how much you travel, your passport needs to be in a valid working condition and available when required, especially in cases of urgency. 

University website

The University of Plymouth's website acts as a marketing tool for the organisation and the courses it offers.

  • Confidentiality - the University website is available to all. The information presented is classified as public.
  • Integrity - only certain members of staff have the ability to change the content on behalf of the organisation.

  • Availability - the University website has to be accessible as often as possible in order to be an effective marketing tool.

Information security classification

The Information Security Classification Policy sets a framework for preserving the confidentiality, integrity and availability of information assets based on their level of sensitivity and value to the University. These documents are designed to provide guidance on how to classify information assets properly as well as how to handle and store them appropriately.