Information Asset Management Policy

The purpose of this policy is to ensure that all information assets at UTAS-Sur are properly identified, assigned responsible owners, and classified in a manner that aligns with their nature and security requirements. This helps in determining the appropriate security controls for each asset. 

This policy applies to all members of UTAS-Sur, whether on a temporary or permanent basis as well as any third parties working with or contracted by the university, it covers all environments where the university’s information systems are operated.  

Information Systems and Educational Technologies Center.

‏Assistant Vice Chancellor for UTAS – Sur.

Any violation of this policy by all members or third parties (suppliers, contractors, business partners, etc.) will be subject to disciplinary and legal actions in accordance with the laws of the Sultanate of Oman, including regulations related to cybersecurity, university’s policies, labor laws, and electronic transactions. 

Definition of Information Systems: 

Information systems at UTAS-Sur include all infrastructure components that support data processing, storage, and communication. These include: 

• UTAS Computerized systems 

• Application software. 

• Servers. 

• Computing devices, including desktop computers, laptops, and peripheral devices such as printers. 

• Communication systems, including telephony systems and networking equipment. 

• Physical infrastructure related to information security, such as data centers and secure storage facilities. 

• Official documents and records related to university operations. 

 

Identification of Information Systems: 

•  The university must maintain an inventory of all information assets, ensuring proper classification and tracking. 

• The Information Security Department must ensure that all registered information assets are included in the university’s records. 

 

Classification of Information Systems: 

•  Each information asset must be assigned a classification level based on its confidentiality, integrity, and availability requirements. 

•  Classification must be conducted in accordance with UTAS policies and best practices. 

 

Labeling of Information Assets: 

•  Each information asset must be clearly labeled with its classification level to ensure proper handling and security measures. 

 

Responsibilities of Asset Owners: 

•  The designated owner of an information asset is responsible for overseeing its security and determining access permissions. 

• The asset owner is responsible for implementing security controls in coordination with the Information Security Department. 

 

  Updating the Inventory of Information Assets: 

• Regular updates must be conducted to ensure the accuracy of the information asset inventory. 

•  The Information Security Department must oversee this process and ensure that outdated or retired assets are properly managed.