Summary Electronic Information Security Policy


University of Chichester
Summary Electronic Information Security Policy 2015
Date of Issue: 24 December 2015
Policy Owner: Head of ICT, Strategy and Architecture
Electronic Information Security Policy Summary Version 04/10/2015


Contents
1 Introduction and core principles
Purpose
Summary Categories of University Data
Types of Storage
Network Storage
Portable Devices
Portable Storage
Cloud Storage
Appendix A: Summary of Best Practice for the Transmission/Storage of data
Appendix B: Summary of personal responsibilities
The University's code of conduct
Personal consequences of infringement

Support and Information Zone (SIZ)


1 Introduction and core principles

Most of the University's activities generate data in one form or another. Information is an important business asset and as such, we all have a responsibility to safeguard its confidentiality, integrity and availability. This policy supports existing policies for information security and data protection by providing additional requirements for storing University data.

! It is always the data owner's direct responsibility to ensure their data is safeguarded.

1.1 Purpose

The purpose of this policy is to help owners of University data to choose an appropriate storage method that ensures it is protected and managed in accordance with the statutory responsibilities and business requirements of the University.

1.2 Summary Categories of University Data

Data that has value to the University of Chichester must be protected during day-to-day on-campus activities, when working off-campus and when using personal devices. Not all University data has the same level of sensitivity and/or confidentiality, so categorising this data can help data owners better understand the steps needed to protect it from unauthorised access or being lost, stolen or intercepted. The following data categories are helpful for identifying the sensitivity of University data:

Category A - Public
Any data that can appropriately be viewed by anyone, anywhere, e.g. press releases, course information, publications, released research data, conference papers etc.

Category B - Private
Any data where access requires it to be limited to specified members of the University of Chichester on a need to know basis, e.g. reports, guidance, collaborative documents, draft documents, teaching materials etc.

Category C - Confidential
Any data which identifies an individual, either on its own or by reference to other information. It can include expressions of opinion about an individual.
As defined by the Data Protection Act (1998). Any personal data consisting of information as to an individual's:
- racial or ethnic origin.
- political opinions.
- religious beliefs or other beliefs of a similar nature.
- trade union membership.
- physical or mental health or condition.
- sexual life.
- proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceeding.

The University of Chichester's research activity will produce data that could be categorised as public, private or confidential.

! If you are unsure about how to categorise your data and where you can store your data please contact the Support and Information Zone (SIZ).

2 Types of Storage

Although the University supports a range of storage media, we recommend using network storage wherever possible. Storing University data on the network may not be immediately practical, e.g. when working off campus; however, data users are ultimately responsible for choosing the safest storage option based on legal requirements under the Data Protection Act and their business needs regarding accessibility of information. A summary of the dos and don'ts of storage for each categorisation of University data is provided in Appendix A.

2.1 Network Storage

Home drives
All students and staff have access to network storage known as their home drive or H: drive. This is secure network storage for personal University data attached to their network account, which can be securely accessed from any computer or device connected to the Internet.

Shared drives
Departments may also have additional network storage called shared drives or S: drive. This network storage is linked to groups of network accounts, enabling users to collaborate and share files within their department or group.

! Advantages of using Network Storage
- Files are protected by University information security systems [1].
- Files are routinely backed up for business continuity purposes as well as enabling the recovery of data that is accidentally deleted.
- Files that are saved in one location can be accessed from a number of internet connected devices both on and off campus. This reduces the need to store multiple copies, which increases the risk of data being inaccurate, lost or stolen.

! Network storage can safely be used for all categories of University data.

2.2 Portable Devices

University Issued Devices
Portable devices (such as laptops, tablets and smartphones) may be issued/loaned to members of the University to allow them to access University resources on the move. Security measures will be taken (such as encryption, user authentication and anti-virus software) to help safeguard University data that is accessed through these devices.

Personal Devices
The University also permits students and staff to access some resources through their personal devices, and access is controlled through user authentication. Users also have a responsibility to ensure their devices are protected, e.g. with passwords, encryption and anti-virus software, even when only accessing public data.

! If you are unsure about how to manage data on a University issued device or on your own device please contact the Support and Information Zone (SIZ).

[1] (firewalls, antivirus, encryption and secure authentication).

2.3 Portable Storage

University Issued Storage Media
Portable storage media (CDs/DVDs, USB drives and external hard drives) may be issued/loaned to members of the University for use both on and off campus. Security measures will be taken (such as encryption software) where possible to help safeguard the data stored on this type of media.

Personal Storage Media
The University does not currently restrict the use of personal storage media; however, their use for private and confidential University data is not permitted.

Mobile Telephones
Mobile phones cannot be backed-up and recovered from. Mobile phones have very little security, and must not be used to store private and confidential data.

! Considerations when using Portable Devices and/or Storage Media
- Files stored only on portable devices and/or storage media have no provision for backup or recovery if they become lost, stolen or corrupted.
- There is a significant risk of reputational damage and/or litigation for the University and the data owner if data is stored inappropriately on portable devices.

! Portable devices and storage media must only be used for the temporary storage of any category of data. The data must be removed and transferred to network storage at the earliest opportunity. If it cannot be avoided and private and confidential data has to be copied to University issued devices or storage media, these devices and media must be encrypted [2]. Personal devices/storage media, including personal accounts, must not be used to store private and confidential data.

[2] All University laptops are encrypted when they are signed out. Anything copied from a University machine to, for example, a USB stick will forcibly encrypt the USB stick before copying any data.

2.4 Cloud Storage

University Preferred Cloud Storage: OneDrive for Business
All staff and students have access to the University preferred cloud storage system, OneDrive for Business, through Office365. This service offers online storage space for public data that can be accessed from many locations and devices (e.g. tablets, smartphones etc.). The University's contractual agreement with Microsoft provides for acceptable levels of data availability and security. Its use for private and confidential University data is currently not permitted.

Other Public Cloud Storage
Other commercial cloud providers, such as Dropbox, iCloud, Google etc., also offer public online storage. However, the service levels offered by these providers are beyond the control of the University and their use for University data is not permitted.

! Considerations when using Cloud storage

- Microsoft's OneDrive for Business is protected by industry standard security systems and deleted files are stored in your recycle bin for a short period, currently 90 days. However, there is no guarantee that lost data can be retrieved if it is accidentally deleted.
- University cloud storage must only be used as temporary storage and data should always be transferred on to network storage.
- Private and confidential data must not be uploaded to any cloud storage service.
- Synchronisation of data using cloud services onto non University devices must be turned off for all categories of data.

2.5 Email

University Email
Staff and students have University accounts. Much of the University's day-to-day activities are undertaken using email, e.g. documents, business decisions, and requests for service/information. Any private or confidential data acquired or sent via email should be removed to network storage as soon as possible.

Personal Email
Many staff and students also have personal email through providers such as Gmail and Yahoo. The University permits users to access their personal accounts on campus; however, their use for private and for confidential data is not permitted.

Email on mobile telephones
Mobile phones have very little security. Whether University issued or personally owned, only password protected web-email can be used. Email passwords should not be set to be remembered by the device, and email should not be set to download to the device.

! Considerations when using Email
- Email is not a completely secure communication tool and there is significant risk that essential business records may be lost during unplanned system outages.
- University email should only be used for temporary storage of data. Email attachments, and any text containing private or confidential data, should always be removed and transferred to network storage [3].
- Personal email must not be used to transmit or store private and confidential data.
- Mobile phones should only use password protected web-based email. You should not use an email service that downloads to the device.
- Any email, and especially for mobile telephones, should be password protected, and the device should not be allowed to remember the password.

! If you are unsure about how to categorise your data and where you can store your data please contact the Support and Information Zone (SIZ).

[3] Chichester University email to Chichester University email automatically uses encryption, and hence can be used for the transmission of private and of confidential data only if absolutely necessary; however, the sent item and the received item should be removed from email, and into network storage, as soon as possible.

Appendix A: Summary of Best Practice for the Transmission/Storage of data

Categories (rows): A Public; B Private; C Confidential

Storage methods (columns):
- Network: Home (H), Shared (S)
- Portable device: University, Personal
- Portable media: University, Personal
- Cloud: University, Personal
- Email: University, Personal

Key:
- Approved storage method
- Approved storage method only if encrypted, and only temporarily until the data can be relocated to network storage
- Strictly Prohibited

Appendix B: Summary of personal responsibilities

The design of computer systems in which information is created and stored is aimed to be as usable as possible, whilst taking into account the best practices involved in avoiding loss or exposure of information.

! IT safeguards can only go so far, and it is how people use the IT that presents the larger risk.

Minimising risks involves actions and awareness, including the requirement to apply the University's policies, abide by the relevant legal requirements, use only authorised accounts with a secret password, and make sure you can't be overlooked, or that your equipment cannot be used to access information by someone else. You must inform SIZ immediately if you believe your password to have been compromised, or if any device used to access or store University information (whether owned by the University or by you) is lost or stolen.

! The use of any authorised account at the University explicitly binds the user (for example: Staff, Students, Partners and Visitors) to abide by this Electronic Information Security Policy.

2.6 The University's code of conduct

In order to use the University's infrastructure and systems, you are required to adopt the following:

a) You must inform the University if you believe there may be, or know of, any risk of information loss, or unauthorised access to information.
b) All users are required to report any misuse of IT systems, any infringement of this policy and any issue that may endanger full compliance with relevant legislation, particularly the Data Protection Act (1998).
c) Users should not intentionally cause damage or otherwise jeopardise the integrity of computer equipment, software or network services.
d) Users must not knowingly introduce computer viruses to the computer systems, and should take all precautions to prevent their spread.
e) Users must abide by all agreements and contracts by which software and any associated information are accessed at or through University computing services. Specifically, users must not install, replace or update any software or information on University computing equipment without appropriate authority.
f) Users must not alter or install unauthorised software onto University computing equipment without appropriate authority.
g) Users must not take University IT equipment off-site without the appropriate authority to do so.
h) Users must not use any University computing services to gain unauthorised access to any other computing system (internal or external).
i) Users must not use University computing services for storing, receiving or transmitting offensive, indecent or obscene material. If there is a genuine academic need to use such material, this should be approved by the Head of Academic Department in advance and arrangements for their access then made with IT Services.
j) Users must not use any University computing equipment or service to undertake or support any activity that might be considered illegal, inflammatory or threatening. This includes any form of on-line bullying, political, religious or cultural radicalism, or any unauthorised access to any other person's or organisation's computer systems or data.
k) Users must not use University computing services for any commercial activity without appropriate authority from IT Services or Head of Department.
l) Users are not permitted to use the computing services for private commercial purposes or any other employment outside the scope of that person's official duties or functions.
m) IT Disposal: users must return any University owned IT equipment to IT Services for secure disposal that meets our legal requirements.

! Please Remember: in accordance with Data Protection legislation, you as well as the University are jointly and severally liable for your actions and their consequences.

Personal consequences of infringement

This summary policy is a guide and not an exhaustive list of what you should or should not do, and you should satisfy yourself of the best practices and the principles of law. Any suspected failure to apply reasonable care, and any suspected infringement of the policy or any related legal requirements, may result in the user's access being summarily withdrawn pending appropriate investigation, and action under the Disciplinary Policy and Procedure (for staff) or action under the Academic Regulations (for students).

! Any investigation into data loss, and the failure to comply with the Data Protection Act (1998), may lead to civil or criminal proceedings for you and for the University.


More information

Email & Internet Policy

Email & Internet Policy Email & Internet Policy Use of email system and internet services Current Document Status Version V0.2 Approving body Acorn Academy Cornwall Date 11 June 2015 Date of formal approval (if applicable) Responsible

More information

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Computer Network & Internet Acceptable Usage Policy. Version 2.0 Computer Network & Internet Acceptable Usage Policy Version 2.0 April 2009 Document Version Control Version Date Description 1.0 Sept 2003 Original Version (adopted prior to establishment of BoM) 2.0 March

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

Electronic Communications Guidance for School Staff 2013/2014

Electronic Communications Guidance for School Staff 2013/2014 Our Lady of Lourdes and St Patrick s Catholic Primary Schools Huddersfield Electronic Communications Guidance for School Staff 2013/2014 Updated September 2013 Contents 1. Introduction 2. Safe and responsible

More information

Research Data Storage Facility Terms of Use

Research Data Storage Facility Terms of Use Research Data Storage Facility Terms of Use By signing up to these Terms of Use, you are agreeing to abide by the terms of the University Policy for the use of the Research Data Storage Facility. 1. Definition

More information

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards EMMANUEL CE VA MIDDLE SCHOOL IT Security Standards 1. Policy Statement The work of Schools and the County Council is increasingly reliant upon Information & Communication Technology (ICT) and the data

More information

Angard Acceptable Use Policy

Angard Acceptable Use Policy Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants

More information

E-SAFETY POLICY 2014/15 Including:

E-SAFETY POLICY 2014/15 Including: E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES Version 3.0 17/05/2012 CONTENTS 1. Introduction and Scope... 3 2. Data Protection Act 1998... 4 3. Licence Registration and Prevention of Piracy...

More information

USE OF INFORMATION TECHNOLOGY FACILITIES

USE OF INFORMATION TECHNOLOGY FACILITIES POLICY CI-03 USE OF INFORMATION TECHNOLOGY FACILITIES Document Control Statement This Policy is maintained by the Information Technology Department. Any printed copy may not be up to date and you are advised

More information

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 Introduction The IT systems must be used in a reasonable manner and in such a way that does not affect their efficient operation,

More information

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy

More information

POLICY ON USE OF INTERNET AND EMAIL

POLICY ON USE OF INTERNET AND EMAIL POLICY ON USE OF INTERNET AND EMAIL OVERVIEW Public sector employees are accountable for their use and management of all public resources including the use of services such as the Internet and electronic

More information

Using Public Computer Services in Somerset Libraries

Using Public Computer Services in Somerset Libraries Using Public Computer Services in Somerset Libraries Somerset Library Service will ensure all staff and users are aware of the computer services provided and the terms and conditions of their use to which

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6

More information

Acceptable Use of Information Systems Policy

Acceptable Use of Information Systems Policy Information Governance & Management Framework Acceptable Use of Information Systems Policy Version 1.3 Produced by: Customer Services & Business Transformation Inverclyde Council Municipal Buildings GREENOCK

More information

Acceptable Use of Information. and Communication Systems Policy

Acceptable Use of Information. and Communication Systems Policy Use of Information Purpose of this document This document describes what is acceptable and what is unacceptable use of the company s systems. It has been prepared to help Intu Properties plc employees,

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

FREDERICK BREMER SCHOOL E SAFETY POLICY 2015-6. Date of Issue: June 2015 Ratified: For review:

FREDERICK BREMER SCHOOL E SAFETY POLICY 2015-6. Date of Issue: June 2015 Ratified: For review: FREDERICK BREMER SCHOOL E SAFETY POLICY 2015-6 Date of Issue: June 2015 Ratified: For review: Index Contents Page Number Introduction 3 Aim of the policy 3 Roles and Responsibilities 4 Frederick Bremer

More information

Policy: Remote Working and Mobile Devices Policy

Policy: Remote Working and Mobile Devices Policy Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014

More information

THE LONG EATON SCHOOL

THE LONG EATON SCHOOL THE LONG EATON SCHOOL ICT Security Policy Rules, expectations and advice for students APPROVED BY GOVERNORS: Student ICT Policy Introduction Educational establishments are using computer facilities more

More information

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014 E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to

More information

Harper Adams University College. Information Security Policy

Harper Adams University College. Information Security Policy Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting

More information

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review Blakeley Heath Primary School E-Safety Policy Development / Monitoring / Review of this Policy This e-safety policy has been developed by a working group made up of: Headteacher Coordinator Staff including

More information

COMPUTER USE POLICY. 1.0 Purpose and Summary

COMPUTER USE POLICY. 1.0 Purpose and Summary COMPUTER USE POLICY 1.0 Purpose and Summary 1. This document provides guidelines for appropriate use of the wide variety of computing and network resources at Methodist University. It is not an all-inclusive

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

Human Resources Policy and Procedure Manual

Human Resources Policy and Procedure Manual Procedure: maintains a computer network and either purchases software for use in the network or develops proprietary software systems for Company use. Company employees are generally authorized to use

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy 1. General Interoute reserves the right to modify the Acceptable Use Policy ( AUP ) from time to time. Changes to this Acceptable Use Policy will be notified to Customer in accordance

More information

Data Compliance. And. Your Obligations

Data Compliance. And. Your Obligations Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection

More information

E-Safety Policy. Reviewed and Adopted: July 2014. Reviewed by: HT/ LTS. Next Review: July 2015 Annual Policy

E-Safety Policy. Reviewed and Adopted: July 2014. Reviewed by: HT/ LTS. Next Review: July 2015 Annual Policy E-Safety Policy Reviewed and Adopted: July 2014 Reviewed by: HT/ LTS Next Review: July 2015 Annual Policy 1 1. Introduction Internet is an essential element of life in 21st Century; it is also a part of

More information

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of ICT Policy. Staff Policy Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.

More information

2.2 Access to ICT resources at the Belfast Metropolitan College is a privilege, not a right, and all users must act honestly and responsibly.

2.2 Access to ICT resources at the Belfast Metropolitan College is a privilege, not a right, and all users must act honestly and responsibly. 1 Purpose The purpose of this document is to set out the College's policy and provide guidance relating to the responsible use of the College's ICT resources and systems. 2 General 2.1 Belfast Metropolitan

More information

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

More information

Document Type Doc ID Status Version Page/Pages. Policy LDMS_001_00161706 Effective 2.0 1 of 7 Title: Corporate Information Technology Usage Policy

Document Type Doc ID Status Version Page/Pages. Policy LDMS_001_00161706 Effective 2.0 1 of 7 Title: Corporate Information Technology Usage Policy Policy LDMS_001_00161706 Effective 2.0 1 of 7 AstraZeneca Owner Smoley, David Authors Buckwalter, Peter (MedImmune) Approvals Approval Reason Approver Date Reviewer Approval Buckwalter, Peter (MedImmune)

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

UTC Cambridge ICT Policy

UTC Cambridge ICT Policy UTC Cambridge ICT Policy Lead member of SLT: Designated Governor: Staff Member: Principal TBC Lead IT & Telecommunication Technician Contents Introduction Scope Purpose Monitoring of college systems Prohibitions

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

Internet Acceptable Use Policy

Internet Acceptable Use Policy 1. Overview Quincy College provides Internet access to students, faculty, staff, and administration as part of its educational mission. When the Internet is used appropriately, it can provide a wealth

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

John of Rolleston Primary School

John of Rolleston Primary School John of Rolleston Primary School E-Safety Policy February 2014 Contents 1 Introduction... 2 2 Aims... 2 3 Roles and Responsibilities... 2 3.1 Governors... 2 3.2 The Headteacher... 2 3.3 The Senior Leadership

More information

PS177 Remote Working Policy

PS177 Remote Working Policy PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection

More information

School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy

School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy Page 1 of 10 Contents 1 Preamble...3 2 Purpose...3 3 Scope...3 4 Roles and responsibilities...3

More information

Information Security Training 2012

Information Security Training 2012 Information Security Training 2012 Authored by: Gwinnett Medical Center Information Security Department Modified for affiliated schools students & instructors by: Linda Horst, RN, BSN, BC Objectives After

More information

ICT Acceptable Use Policy. August 2015

ICT Acceptable Use Policy. August 2015 ICT Acceptable Use Policy August 2015 Document title ICT Acceptable Use Policy August 2015 Document author and department Responsible person and department Robbie Walker, Information Security Architect,

More information

Cellular/Smart Phone Use Procedure

Cellular/Smart Phone Use Procedure Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This

More information

Policy and Procedure Document. Information Security Incident Management Policy and Procedure

Policy and Procedure Document. Information Security Incident Management Policy and Procedure Policy and Procedure Document Information Security Incident Management Policy and Procedure [23/08/2011] Page 1 of 9 Document Control Organisation Redditch Borough Council Title Information Security Incident

More information