Support for a security policy

What is a good security policy, and how can an institution set up or improve such a policy? SURFnet cooperates with institutions in various working groups to establish a specific policy for higher education and research.

Twee mannen aan een tafeltje met elkaar in gesprek


Identity management has to do with identification, authentication and authorisation. In addition to services such as SURFconext, various guidelines and policy memoranda are also available for higher education and research.


Are your company data's security and continuity and the privacy of your students and employees adequately protected? And what are your chain partners' situations? SURFaudit indicates the minimum of arrangements in terms of security and privacy. Compare audit results of different departments or institutions and see how you are doing.

Project on integrated security in higher education

The project on integrated security in higher education also pays attention to social and physical security. The project focuses on the governance of security in terms of cybercrime, espionage and integrity in 2013 and 2014. The higher education institutions participating in the project work closely with the Ministries of Education, Culture and Science and Home Affairs, the Education Inspectorate, the Integrity Bureau and the Task Force on Governance and Information Security Services. Phase III started in 2015. This phase has ended in June 2016 with a national conference.


Privacy and data protection are of great importance for education and research institutions. The arrival of new European legislation (GDPR) brings many changes. This initiative group for Privacy in Higher Education documents the consequences and advises institutions on how they should interpret the GDPR in order to meet the legal requirements.

Responsible disclosure

Visitors of the website, users of information systems and researchers often encounter errors or omissions in your systems. To ensure that these are reported and handled correctly, it is advisable to use a Responsible Disclosure policy. SURF has drawn up a responsible disclosure model policy and an operational procedure for responsible disclosure for higher education institutions.