A.13.0 Communication Security 2.1

Integrated Research Campus

A.13.0 Communication Security


Information Security Management System

Document Information

Reference: ISMS 27001
Category: Information Security Management System (ISMS) Documents
Title: Communication Security
Purpose: Defining network and communication controls
Owner: IRC Information Governance Management Group (IGMG)
Author: Charles Hindmarsh
Compliance: ISO 27001
Review plan: Annually
Related Documents:
  University of Leeds Information Protection Policy
  ISMS Mandatory Clauses
  A.5.0 Information security policies
  A.6.0 Organisation of information security
  A.7.0 Human resources security
  A.8.0 Asset management
  A.9.0 Access control
  A.10.0 Cryptography Controls
  A.11.0 Physical and environmental security
  A.12.0 Operations security
  A.14.0 Systems acquisition, development and maintenance
  A.15.0 Supplier Relationships
  A.16.0 Information security incident management
  A.17.0 Information security aspects of business continuity management
  A.18.0 Compliance

Version History

Version | Date       | Update by                         | Change description                   | Approved by                  | Date
1.0     | 27/06/2016 | Samantha Crossfield / David Batty | Initial version                      | Barry Haynes (Chair of IGMG) | 20/10/2016
2.0     | 1/03/2019  | Charles Hindmarsh                 | New ISMS layout                      | Andy Pellow (Chair of IGMG)  | 22/03/2019
2.1     | 07/05/2019 | Charles Hindmarsh                 | Updated A.13.1.2, A.13.2.1, A.13.2.2 | Andy Pellow (Chair of IGMG)  | 25/09/2019

Page Version 2.1 Published 25/09/2019 Classification: IRC-Protect



Contents

Introduction (page 4)
Purpose (page 4)
Applicability (page 4)
A.13.0 Communication Security (page 4)
  A.13.1 Network Security Management (page 4)
    A.13.1.1 Network Controls (page 4)
    A.13.1.2 Security of Network Services (page 4)
    A.13.1.3 Segregation in Networks (page 5)
  A.13.2 Information Transfer (page 5)
    A.13.2.1 Information Transfer Policies and Procedures (page 6)
      A.13.2.1.1 Preparation for Transfer (page 6)
      A.13.2.1.2 Data Processing (page 6)
      A.13.2.1.3 Transfer Review (page 6)
      A.13.2.1.4 Data Transfer Log (page 7)
    A.13.2.2 Agreements on Information Transfer (page 7)
    A.13.2.3 Electronic Messaging (page 8)
    A.13.2.4 Confidentiality, Non-Disclosure and/or Data Sharing Agreements (DSA) (page 8)


Introduction
The Integrated Research Campus (IRC) is a University of Leeds IT service. It
provides secure technical infrastructure and services for research data handling,
analytics, application processing and development.

Purpose
This document sets out the network and communication security requirements within
the scope of the IRC Information Security Management System (ISMS).

Applicability
Policies for Transferring Data, Electronic Messaging and Data Sharing (DSA) or
Data Processing Agreements (DPA) apply to everyone. Policies for network security
apply to all those who are authorised to change and develop the services in IT.

A.13.0 Communication Security


This policy refers to communications to and from a Virtual Research Environment
(VRE).

A.13.1 Network Security Management

A.13.1.1 Network Controls


1. A 'default deny' policy exists on the IRC firewall. This means that only traffic
that has been specifically permitted is allowed.
2. Access to the internet or to other UoL systems from a VRE is denied by the
IRC firewall.
3. Access to VREs containing IRC-Confidential information is controlled by
firewalls and thin client service configuration.
4. Access to VREs containing IRC-Secure information is restricted by
Network Access Controls using the registered addresses of a thin-client
device.
5. Changes to the firewall configuration, or to any other part of the infrastructure,
must follow the Change Management policy (A.12.1.2).
6. Firewall audits are carried out annually.

A.13.1.2 Security of Network Services


1. Only authorised IT Network Team members can access the IRC firewall. A
review of access is carried out at least annually or after any staff changes.
2. All firewall management connections use encrypted transport mechanisms
(SSH) from the campus network.


3. The IRC firewall sits within the UoL campus network and is not exposed to
the same external risks as an internet facing firewall.
4. All IRC network traffic to and from the internet is secured using encryption
(A.10.1.2.1 and A.10.1.2.2).
5. Unusual activity that is detected by the central logging service will be recorded
and investigated by the IT Assurance team.

A.13.1.3 Segregation in Networks


The IRC platform has been designed with distinct network zones, with differing
communication policies. Each zone is a Virtual Local Area Network (VLAN) with its
own separate interface on a firewall; effectively a firewall between each zone, and
the rest of the UoL network. Named firewall interfaces, as listed below, reflect the
zone they control.

1. Campus – the UoL campus network.
2. External Gateway – machines in this zone have a public Internet Protocol
(IP) address and communication on defined endpoints is allowed to the
outside world.
3. Internal Gateway – machines in this zone have a private IP address and
communication on defined endpoints is allowed between this zone and:
(i) the UoL network,
(ii) the External Gateway zone and
(iii) the Data Services zone.
4. Data Services – machines in this zone have a private IP address and
communication on defined endpoints is allowed between this zone and:
(i) the Internal Gateway zone and
(ii) the Research zone.
5. Research – machines in this zone have a private IP address and
communication on defined endpoints is allowed between this zone and the
Data Services zone.
6. Host-management – this zone is for managing servers, and only authorised
devices and specific administrators can access them.
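As an added example (not part of the policy document or the IRC's own tooling), the zone links listed above and the 'default deny' rule of A.13.1.1 expressed as a policy-as-code check that flags proposed firewall rules the segregation model does not permit. The zone names, the pseudo-zone "internet" for the outside world, the registered admin-device addresses and the sample rules are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Zones named in A.13.1.3; "internet" stands for the outside world (assumption).
ZONES = {"campus", "external-gateway", "internal-gateway", "data-services",
         "research", "host-management", "internet"}
# Links the policy permits on defined endpoints; listed without direction, so both ways are accepted.
_LINKS = {
    ("external-gateway", "internet"),          # public IP, defined endpoints only
    ("internal-gateway", "campus"),            # (i) the UoL network
    ("internal-gateway", "external-gateway"),  # (ii)
    ("internal-gateway", "data-services"),     # (iii)
    ("data-services", "research"),             # Data Services <-> Research
}
ALLOWED = _LINKS | {(dst, src) for src, dst in _LINKS}
# Assumption: host-management accepts only registered admin devices (constructed addresses).
ADMIN_DEVICES = {"10.0.9.5", "10.0.9.6"}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    port: int
    src_addr: str | None = None  # checked only for host-management access

def check(rule: Rule) -> tuple[bool, str]:
    """Return (permitted, reason). Anything not explicitly allowed is denied."""
    if rule.src_zone not in ZONES or rule.dst_zone not in ZONES:
        return False, "unknown zone"
    if rule.dst_zone == "host-management":
        if rule.src_addr in ADMIN_DEVICES:
            return True, "registered admin device"
        return False, "host-management requires a registered admin device"
    if (rule.src_zone, rule.dst_zone) in ALLOWED:
        return True, "defined zone link"
    return False, "default deny: no defined link between these zones"

def audit(rules: list[Rule]) -> list[tuple[Rule, str]]:
    """Return the rules the segregation policy does not permit, with reasons."""
    return [(r, reason) for r in rules for ok, reason in [check(r)] if not ok]

# Constructed sample rule set mixing permitted and non-compliant entries.
SAMPLE_RULES = [
    Rule("research", "data-services", 5432),                     # permitted
    Rule("research", "internet", 443),                           # VRE to internet: denied
    Rule("campus", "research", 3389),                            # no defined link: denied
    Rule("campus", "host-management", 22, src_addr="10.0.9.5"),  # registered admin
    Rule("campus", "host-management", 22, src_addr="10.0.1.77"), # unregistered: denied
]
```

Running `audit(SAMPLE_RULES)` returns the three non-compliant rules with the reason each one fails, which is the shape of check a periodic firewall audit (A.13.1.1 item 6) can automate.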

A.13.2 Information Transfer


This policy sets the standard for the transfer of data into and out of the IRC and
between secure zones within the IRC.

The policy applies to all IRC users and IT staff involved in the transfer of data. The
Data Services Team (DST) performs transfers according to policy.


A.13.2.1 Information Transfer Policies and Procedures


Work instructions that include Transferring Incoming Data, and Transferring
Outgoing Data, provide the detail on how to transfer information into and out of the
IRC. The following policy applies to those instructions:

1. Data Sharing or Processing Agreements (DSA/DPA), Open-Use Licences or
approved recipients identified in a Data Management Plan must be in place
prior to data transfer.
2. DSAs/DPAs should define data type, fair processing, data usage – what for
and how, data accuracy, handling duration, and the remit for transfer. It is
accepted that DSAs/DPAs are mostly defined by the data providers, who have
their own information security policies.
3. Data transfer must be in accordance with any ethical, legal or governance
requirements that apply, and must be justifiable in the project context.
4. Transfer of personal data must be undertaken in line with the DSA/DPA, Data
Protection legislation and the UoL Information Protection Policy.
5. Under Data Protection legislation, personal data must not be transferred
outside the European Economic Area without consent or legal justification.
6. Transfer volume and frequency must be in accordance with a DSA/DPA or
Data Management Plan.
7. Data transfers must only be carried out using secure electronic data transfer
systems. The IRC has one, but the DST can also download files from a 3rd party
secure file transfer platform.

A.13.2.1.1 Preparation for Transfer


Data undergoes manual and/or automated processing and review prior to transfer.

A.13.2.1.2 Data Processing


Data processing may be required prior to transfer:

1. All received data are virus-scanned within the IRC gateway zone.
2. Data files are checked manually or automatically for disclosure upon entry
and prior to internal transfer or exit.
3. Transfer review (A.13.2.1.3) is based on DSAs/DPAs and other legal and
ethical requirements.

A.13.2.1.3 Transfer Review


The Information Classification policy (A.8.2) and the data files are reviewed by the
DST through manual or automated processes prior to transfer.

Prior to transferring personal data, the DST review the consent or other ethico-legal
framework to ensure it covers the proposed transfer. Alternatively, data may be
de-identified or obfuscated at source. Where the data is held on the IRC infrastructure,
this may be conducted by the IRC Data Services Team (with the appropriate ethical
and governance approval).

IRC users may develop derived datasets from personal data held on IRC
infrastructure.

1. The user prepares the derived dataset (they may request support from the
IRC Data Services Team).
2. The user submits a data transfer request to the Data Services Team and
places the derived data in a specified file.
3. The Data Services Team review the derived extract using the ICO
Anonymisation Code of Practice and apply UKDS-accredited statistical
disclosure controls to ensure it is de-identified and classed as IRC Public.
4. The Data Services Team release the dataset via the gateway zone.

A.13.2.1.4 Data Transfer Log


The DST maintain a log of all transfers and transfer attempts:

1. Authorised transfers are recorded with a reference to a copy of any transfer
agreements.
2. Incidents of risk from unauthorised attempts are reported to the IRC IG
Manager and raised as an incident using the Incident Management Process.
3. The IRC transfer log records the following:
a) Unique asset ID, name and owner.
b) IRC data classification (as per the IRC Data Classification Procedure).
c) Timeframe of data coverage.
d) Data location/s within the IRC infrastructure.
e) Transfer request ID, date and link to copy of the request.
f) Request outcome with link to documentation.
g) Data sharing approval type and link to documentation in asset folder.
h) Data source (supplier and database / system).
i) Date of review / licence renewal submission and review requirements.
j) Transfer method.
k) Data raw file name and date received.
l) Required destruction date and date of destruction.
m) Data users in the IRC environment.
n) Data recipient details.

A.13.2.2 Agreements on Information Transfer


Classified research data can only be shared in accordance with the UoL, funder and
project requirements, and as specified within ethical and contractual agreements and
with a signed DSA/DPA (A.13.2.4).


All agreements will be kept on the IRC Data Sharing /Licence Agreement register.

If an agreement expires the data must be deleted in accordance with the terms of the
agreement, unless there is clear evidence that the 3rd party is aware of the situation
and that a new agreement is actively being pursued.

A.13.2.3 Electronic Messaging


The secure file transfer service is the only electronic messaging service available for
sending data into and out of the IRC. Files received and sent from this service are
managed by DST.

A.13.2.4 Confidentiality, Non-Disclosure, Data Sharing Agreements (DSA) or Data Processing Agreements (DPA)

The researcher must sign an IRC user agreement that covers the rules of handling
IRC-Secure and IRC-Confidential data and a scanned copy is kept in a DST user
folder.

To ensure that information is protected, handled and published in accordance with
the requirements of the data provider, a DSA or DPA or Confidentiality Agreement
(CDA) or Non-Disclosure Agreement (NDA) must be put in place between the
provider and the recipient. Refer to Data Sharing Agreements with Bearing on
Information Security (A.15.1.2.1).

Once information is in the public domain (for instance in conversations, seminars,
posters, presentations, publications or by email) it is no longer considered
confidential unless disclosed under an obligation of confidence.
