Information Security Policy

The objective of information security is to ensure the smooth and safe operation of UM and reduce damage by preventing and minimizing the consequences of unwanted information security events.
The purpose of the security policy is to protect the information resources and resources of the UM against all threats, internal or external, intentional or unintentional, in accordance with the recommendations of the ISO / IEC 27001 standard.

The security policy presents in one place collected instructions and standards for providing and managing information security for all users of the information system.

The information security policy includes:

  • ensuring the confidentiality, integrity and availability of information
  • protecting information from unauthorized access, disclosure, alteration or destruction
  • providing education on information security for all employees
  • familiarization with the rules of safe use for all users of the UM information infrastructure,
  • managing all security incidents and taking appropriate action
  • compliance with laws and regulations


All those who have access to the UM information system must meet the requirements of the information security policy.

The information security policy is also published on the UM website (Documents Center – Rules of the University of Maribor – Legal and General Affairs of the UM).

The information security policy consists of four documents:
The umbrella information security policy
Valid from 26.12.2013
Information security policy for users
Valid from 26.12.2013
Information Security Policy for Outsourcers
Valid from 26.12.2013
Information security policy in the field of information and communication technology (ICT)
Valid from 26.12.2013