Support for a security policy

What is a good security policy, and how can an institution set up or improve such a policy? SURF cooperates with institutions in various working groups to establish a specific policy for higher education and research.

Twee mannen aan een tafeltje met elkaar in gesprek


Identity management has to do with identification, authentication and authorisation. In addition to services such as SURFconext, various guidelines and policy memoranda are also available for higher education and research.


Are your company data's security and continuity and the privacy of your students and employees adequately protected? And what are your chain partners' situations? SURFaudit indicates the minimum of arrangements in terms of security and privacy. Compare audit results of different departments or institutions and see how you are doing.


Privacy and data protection are of great importance for education and research institutions. The arrival of new European legislation (GDPR) brings many changes. The Beyond Privacy Shield Taskforce documents the consequences and advises institutions on how they should interpret the GDPR in order to meet the legal requirements.

Responsible disclosure

Visitors of the website, users of information systems and researchers often encounter errors or omissions in your systems. To ensure that these are reported and handled correctly, it is advisable to use a Responsible Disclosure policy. SURF has drawn up a responsible disclosure model policy and an operational procedure for responsible disclosure for higher education institutions.