Roles and Responsibilities

ISMS is a structured and systematic approach to protecting information in an organisation. In the ISO context, information refers to all types of information, including personal data. It is not just technology, but a combination of policies, processes, roles and controls that together ensure that information is handled securely and in accordance with AAU's risk profile and relevant legislation, including GDPR, NIS2, etc. Together, these constitute AAU's ISMS. 

Aalborg University's ISMS complies with ISO27001.

AAU's ISMS is therefore defined as the totality of organisational, physical and technical measures relating to overall information security at Aalborg University. 

Systematic management of information security 
AAU's ISMS helps the organisation identify, assess and manage risks associated with information – e.g. personal data, research data and business-critical systems.

Management ownership 
The Rector is ultimately responsible for information security at AAU, including ensuring that resources, objectives and policies are in place.

Continuous improvement 
AAU's ISMS is continuously evaluated and adapted to meet new requirements, threats and needs at AAU.

Compliance and trust 
AAU's ISMS supports compliance with legislations such as GDPR and can be certified according to ISO/IEC 27001 in selected areas, which strengthens the trust of partners and authorities. AAU's ISMS is continually adapted in line with new legislations and the rector's wishes.

Clear division of roles 
AAU's ISMS clearly defines who is responsible, who executes, who advises, etc. through role descriptions.