Svenska

About information security

Information security is about how we at Stockholm University protect information in our daily work – regardless of whether you work in teaching, research, or administration. This includes everything from emails and documents to research data and the systems we use every day.

The Information and IT Security section supports all parts of Stockholm University in working securely and safely with information and the systems that process it. Here you will find basic information, content from governing documents, and information about the projects currently being managed.

Information security policy

What is information security?

Information security means that the right person has access to the right information – at the right time.

As a government authority, every employee at Stockholm University is responsible for handling information in accordance with laws and regulations. This means that all of us who work at the university must work in a structured and aware manner with how information is created, stored, shared, and protected.

If information security fails, it can have an immediate impact on daily operations, for example through delays in teaching, research, or administration.

Deficiencies in information security can also lead to violations of laws, such as data protection regulations, and loss of trust in the university and its activities.

IT security is the technical part of information security and concerns the systems, services, and devices used in daily work. IT security helps ensure that information is protected and that the university’s systems function as intended.

An information and/or IT security incident is an occurrence that actually or imminently jeopardises, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or constitutes a violation of law, security policies, security procedures, or acceptable use policies.

If you suspect or experience an information or IT security incident, contact IT Services as soon as possible via Serviceportalen

Always report when you detect:

  • Unauthorised access to systems or information
  • Suspected malicious software (viruses, trojans, etc.)
  • Physical theft or loss of IT equipment such as a laptop or mobile phone
  • Services or systems not functioning as they should, which may be due to a security incident
  • Suspicion that sensitive or confidential information has been exposed or lost

A personal data breach is a security incident that leads to the accidental or unlawful destruction, loss, or alteration of personal data being processed. Some personal data breaches must be reported to the Swedish Authority for Privacy Protection.

The Data Protection Officer (dso@su.se) at Stockholm University must be kept informed of personal data breaches and can provide advice when needed.

As part of the systematic information security work at Stockholm University, information must be inventoried and classified.

 The university provides training in secure information handling through short courses distributed by email. All employees are encouraged to complete this training to reduce the risk of digital intrusions, sabotage, malicious software, and fraud.

Contact

Last updated: 2026-06-03

Source: IT Services