IT and Library Services

New systems and processes

You might need to conduct a Privacy Impact Assessment (PIA) or Information Security Checklist when developing new processes, projects or IT systems

As individuals we all want our own personal data to be protected, and to be sure that the systems they are stored on are secure. The university is committed to protecting the personal data which it processes. We need to work together to ensure that this happens. Here are areas to consider when you are processing personal data or designing new ways of processing this data.

PIAs are required when you're collecting information about people

Privacy Impact Assessments (PIA) help you fix problems at an early stage by identifying and minimising privacy risks. A PIA provides reassurance for individuals and for the university. It may help you simplify your processes and collect less data.

Contract or Data Sharing Agreement reviews

This is for new systems or engagements with external vendors/suppliers. If you would like more information about PIAs or data sharing agreements, please contact compliance@gre.ac.uk.

Information Security Checklists are needed when you're using new IT systems

An Information Security Checklist is required if your project, process or system involves software, or any IT system or product, whether designed in-house or procured externally.

The full information security checklist requires input from the requesting department project lead and the vendor. Please provide as much detail as possible on the system and its proposed use at the university.

Information Security Checklist for Free Systems

A lightweight version of the full checklist is required for free tools or platforms. This allows our security team to perform appropriate checks and advise on suitable alternatives where appropriate. As we have no contract with the suppliers, colleagues must read and understand the risks and mitigations of using such free online tools. You can find our Information Security check list for free systems and services here.

An information security checklist may be required for our AMP Process

If you are requesting software via the AMP process which requires data sharing with third parties an Information Security Checklist is also required.

For advice about our Information Security Checklists please email information-security@greenwich.ac.uk.

All our systems require an accessibility statement

Our full list of accessibility statements for all our systems is held on our website. For guidance on testing your new system's accessibility and managing your accessibility statement, please contact compliance@gre.ac.uk.