Information Security Code of Conduct

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Security Code of Conduct"

Transcription

1 Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks > & Internet >Software >Aon Information >Data Protection >ID Badges

2 > Contents Aon Information Security Policy...1 Information Security Awareness...2 Eight Steps to Security Passwords...4 Anti-Virus...5 Security Locks...6 Internet & Software...9 Aon Information...10 Data Protection ID Badges...12

3 > Aon Information Security Policy Chief Executive Officer s Introduction Aon relies on its information processing systems to conduct business. In order to ensure that these are adequately protected from unauthorised access or use, all employees, contractors, temporary employees and business partners must abide by these policies, procedures, and guidelines. Failure to do so may result in disciplinary action, including possible termination of employment and legal action. It is every user s responsibility to use Aon Limited and its associated companies computer resources and facilities responsibly, ethically, lawfully, and professionally. >Aon IT Security Policy Robert Brown Chief Executive Officer, Aon Limited It is every user s responsibility to use Aon Limited and its associated companies computer resources and facilities responsibly, ethically, lawfully, and professionally 1

4 >Inormation Security Awareness > Information Security Awareness 1 Always 2 Ensure 3 Laptops 4 Internet 5 Never 6 7 Protect 8 Eight Steps to Security select strong, secure passwords (a mix of alpha and numeric minimum 8 characters). Never share or write down your passwords. that anti-virus protection software is installed, up to date and operational on your PC or laptop. must be securely locked at all times by using security locking cables. Information which is highly confidential to Aon and stored on Aon laptops must be encrypted. and are to be used for business purposes only. Always delete any unsolicited (spam/junk) from unknown recipients. Never open non business-related attachments and don t distribute non business-related to anyone. install unauthorised software on Aon s PCs or laptops. Never attach unauthorised devices to Aon s IT networks, PCs or laptops. Never disclose Aon information without validating the identity of the requester. Ensure you are authorised to disclose the information. Aon s information in all its forms. Classify information. Lock away confidential material. Shred unwanted printed information. Operate a clear desk policy. Always wear your ID badge. Politely challenge those without Aon ID badges who are in Aon offices. Keep Aon premises secure and report any suspicious activity to Premises Security. 2

5 Warning regarding Monitoring of Aon Systems Aon monitors its IT systems. Abuse of Aon IT systems and information assets and failure to comply with company policy is a disciplinary offence which may result in termination of employment and/or legal action against the offender. >Information Security Awareness Storage of Personal Information on Aon IT Systems or Resources Aon s systems are for Aon business use and not for personal, non-business activities. If employees store personal information on Aon IT resources then Aon cannot guarantee that it will remain confidential. Employees are advised not to store this type of personal information on Aon s systems or resources. 3

6 >Eight Steps to Security > Eight Steps to Security Always select strong, secure passwords. Never share or write 1down your passwords. Why? Weak passwords are easy to crack. A weak password means our security can be broken and information disclosed, changed or deleted. You are issued with a personal user-id and password for your exclusive use. Aon s system audit trails makes you personally accountable for the use of your user-id. For this reason, you must never give your password to anyone, including IT staff*. Watch out for password scams when you receive an looking authentic requesting you to disclose your password. These are hoaxes but many Internet banking customers have been caught out by their own gullibility. 4 Make your password easy for you to remember but difficult for others to guess. To create a strong password : It must have at least 8 characters and a mix of alpha and numeric characters eg M0use#12 (using zero not the letter O in Mouse) Mix upper and lower cases Avoid using words in dictionaries or names or things which others may associate with you, eg children s names or dates of birth * Note: If you do have to disclose your pasword for IT support purposes then please change it afterwards to minimise risk of exposure Watch out for password scams when you receive an looking authentic requesting you to disclose your password.

7 Ensure that anti-virus protection software is installed, up to date and 2operational on your PC or laptop. Why? Virus and other malicious code is the most common source of major disruption to IT systems. Prevention is better than cure. Aon invests a lot of money and effort in anti-virus controls. It is imperative that employees help to maintain the effectiveness of these controls by doing the following: >Eight Steps to Security Never tamper with anti-virus software controls. These are normally locked down (ie cannot be edited) but please don t attempt to make changes if this is not the case Laptop users must check their anti-virus definitions are up to date on a regular basis (at least monthly). Visit the IT Intranet for instructions. ( Always read and act upon Information Security Services UK notifications regarding new virus threats Never stop the automatic download of new anti-virus definition files to your PC or laptop. Laptop users are advised to update these files when they are in Aon offices rather than via remote access Virus and other malicious code is the most common source of major disruption to IT systems. 5

8 >Eight Steps to Security Laptops must be securely locked at all times by using security locking cables. Information which is highly confidential to Aon and stored on laptops must be protected using the 3Aon encryption product. Why? Laptops are easy to steal or lose and contain lots of intellectual capital and Aon information, some of which may be confidential to our clients. All of our employees have a duty to protect Aon s information. Laptops must be protected in the following ways: Always lock the device using the locking cable provided. If you do not have a cable then order one immediately via the IT service desk (Extn 199 internal) Lock the laptop away at night in a secure cabinet if it is not required. Out of sight is out of mind Never leave laptops unattended in cars or hotels, while travelling. Secure them or keep them with you All of our employees have a duty to protect Aon s information. Always use PointSec encryption product if you have Aon highly confidential information on the laptop (that is information which could cause significant damage to Aon if it were disclosed (medical records, kidnap/ransom, merger and other Aon stock-related information not in the public domain). PointSec must be purchased from the IT Procurement Catalogue 6

9 Internet and are to be used for 4business purposes only. Why? is the preferred method for business and personal communications. However, all messages sent from Aon s systems carry the Aon name. Inappropriate damages Aon s reputation. For this reason Aon s system is for business use. Personal use is tolerated if in moderation and does not contain any inappropriate comment or material. The following rules apply: Do not send which contains inappropriate content or causes harassment (eg obscene or defamatory messages) If you receive inappropriate then delete the message preferably without opening it Only act upon information security warnings issued by Aon IT. There are many hoax warnings never forward these to anyone in Aon or externally. >Eight Steps to Security Never open non business-related file attachments. These could be new virus-infected files. Delete them immediately Do not forward jokes or chain letter s. These can cause significant waste of employee time and harassment to the recipients Only act upon Information Security warnings issued by Aon IT. Beware of hoax warnings. Never forward these to anyone in Aon or externally 7

10 >Eight Steps to Security Similarly, the Internet is a key business resource tool. The Internet must be used for business purposes and personal use must be kept to a minimum. The following rules apply: Never use the Internet in a way that may be offensive, disruptive or harmful to Aon s reputation. Personal surfing is only permitted if used in moderation, if appropriate sites only are accessed, and outside of core business hours (lunch break, before or after 18.00) Never attempt to access any offensive sites. Attempts to access inappropriate non business-related Internet sites are logged and you may have to explain your actions to your line manager Never use the Internet in a way that may be offensive, disruptive or harmful to Aon s reputation Never download any software including games and music files. This may be an infringement of copyright laws. Business tools and other applications need to be authorised by Aon IT before they may be used within Aon s environment Access to web mail/internet accounts such as hotmail and yahoo mail is prohibited. Webmail providers are considered high risk as they are often the source of virus infections 8

11 Never install unauthorised software or attach unauthorised devices to Aon IT 5resources or networks. Why? The use of unlicensed software on a computer is a criminal offence. It is easy to download software from the Internet or load personal software and not realise that the law is being broken. All software programs have terms and conditions, as set out by the software publisher or owner of the copyright and these must be adhered to and managed by Aon. Unauthorised devices may disrupt Aon s networks especially if they are infected with viruses or malicious code. >Eight Steps to Security The following rules apply: Never install any unauthorised software (including Freeware and Shareware) onto any of Aon s devices Games, music and non business related pictures must not be installed on any computer Never attach any unauthorised devices including mobile phones, PDAs (eg Palm or IPAQ) and other IT equipment. Contact your IT Helpdesk for further information Never install any unauthorised software onto any of Aon s devices. When storing data on USB hard drives you must ensure the data is secured (encrypted) to avoid exposure of company or client data eg use Winzip to encrypt data. Before connecting any USB hard drive to the Aon network ensure it is scanned for viruses Contact your IT Helpdesk for further information on how to do this or visit All software must be ordered and installed following Aon IT processes and procedures 9

12 >Eight Steps to Security Never disclose Aon information without validating the identity of the requester. Ensure it is appropriate to disclose the 6information. Why? Disclosing information to the wrong people can cause major damage to Aon. It can also be a breach of the Data Protection legislation. Please consult the Data Protection Policy on the Knowledge Exchange for further information. Disclosing information to the wrong people can cause major damage to Aon. The following rules apply: Verify the identity of the person requesting the information Ensure they have a valid reason and are authorised to obtain the information Trust your instincts. If you are suspicious, refer the request to your line manager 10

13 Protect Aon s information in all its forms. Classify information, lock away confidential material and shred unwanted information. Operate a clear 7desk policy. Why? Information comes in many forms (eg written, spoken and electronic media ) and it needs protecting as it is created, stored, utilised, communicated and finally deleted. This is the information life cycle. There is no point having expensive IT security controls to protect confidential information if our employees leave information unprotected on their desks, or throw material away without placing it in the Confidential Shredding sacks. The following rules apply: Classify information when it is created (Aon Internal, Aon Confidential, Aon Highly Confidential). Please refer to the Information Classification Matrix within the IT Security Policy ( home/info_security/policies/default.jsp) Store information appropriately. Lock away confidential material. >Eight Steps to Security Use footers to label documents, presentations and files with the Aon classifications. This helps others to know how to protect the information Operate a clear desk policy everyday Store information appropriately. Lock away confidential material Use confidential shredding facilities (bags or shredding machines). Always take personal responsibility for shredding Aon Highly Confidential information 11

14 >Eight Steps to Security Always wear your ID badge. Politely challenge those in Aon offices without Aon ID badges. Keep Aon premises secure and 8report suspicious activity. Why? Aon cannot protect your workplace if strangers are allowed into our offices without being challenged. Some Aon locations do not have ID badges but don t be afraid to ask politely who strangers are and if you can help them to verify that they are in the right place. The following rules apply: Don t let strangers in if they don t have a badge direct them to reception. If you work in a site where Aon ID badges are issued to all staff, you must wear your badge at all times. Don t let strangers in if they don t have a badge direct them to reception Report suspicious activity to Premises Security in London For the 55 Bishopsgate office call

15 It is every user s responsibility to use Aon Limited and its associated companies computer resources and facilities responsibly, ethically, lawfully, and professionally >IT Security Basics Guide For further information regarding Aon s information security controls, policies and procedures, please refer to Aon s Intranet Knowledge Exchange at:

16 Aon Limited 8 Devonshire Square London EC2M 4PL United Kingdom tel: +44 (0) fax: +44 (0) Published by Aon Limited. Registered office 8 Devonshire Square, London EC2M 4PL. Copyright Aon Limited All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any way or by any means, including photocopying or recording, without the written permission of the copyright holder, application for which should be addressed to the copyright holder. Aon Limited is authorised and regulated by the Financial Services Authority in respect of insurance mediation activities only. BC This document has been produced using a minimum of 50% recycled material from a sustainable forest.

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

INTERNET, E-MAIL USE AND

INTERNET, E-MAIL USE AND INTERNET, E-MAIL AND TELEPHONE USE AND MONITORING POLICY Originated by: Customer Services LJCC: 10 th April 2008 Full Council: June 2008 Implemented: June 2008 1.0 Introduction and Aim 1.1 The aim of this

More information

Acceptable Usage Guidelines. e-governance

Acceptable Usage Guidelines. e-governance Acceptable Usage Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

Information Services. Protecting information. It s everyone s responsibility

Information Services. Protecting information. It s everyone s responsibility Information Services Protecting information It s everyone s responsibility Protecting information >> Contents >> Contents Introduction - we are all responsible for protecting information 03 The golden

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 Introduction The IT systems must be used in a reasonable manner and in such a way that does not affect their efficient operation,

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY

THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY Version Author Date Approved by Board 2009-1 Gillian Kirkup 24 March 2010 Page 1 of 8 THE RICE MARKETING BOARD FOR

More information

Students are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage.

Students are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage. Penrice Academy Acceptable Use Policy for Mobile Digital Devices including ipads September 2014 Date of Review: May 2015 Introduction Penrice Academy ( The Academy ) may grant a licence to use ipads or

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Computer and Telephone Systems: Acceptable Usage Policy

Computer and Telephone Systems: Acceptable Usage Policy 1) Introduction a) The school expects its computer and telephone systems to be used in a professional manner at all times. The school provides these facilities at its expense for its own business purposes.

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

The Bishop s Stortford High School Internet Use and Data Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable

More information

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific

More information

E-Safety and Computer Security Rules

E-Safety and Computer Security Rules E-Safety and Computer Security Rules Process / Signatures Portfolio Team Portfolio Team Lead Principal Chair of Governors Behaviour Safety & Ethos Mrs K Mitford Dr J V Edwards Mrs K Mitford Presented 2

More information

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Conditions of Use. Communications and IT Facilities

Conditions of Use. Communications and IT Facilities Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information

General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information The following rules of behavior apply to all Department of Homeland Security

More information

Data Protection Division Guidance Note Number 10/08

Data Protection Division Guidance Note Number 10/08 Gibraltar Regulatory Authority Data Protection Division Data Protection Division Data Protection Division Guidance Note Number 10/08 Monitoring of Staff Guidance Note Number 10/08 Issue Date: 06/11/2008

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

Online Communication Services - TAFE NSW Code of Expected User Behaviour

Online Communication Services - TAFE NSW Code of Expected User Behaviour Online Communication Services - TAFE NSW Code of Expected User Behaviour State of NSW, Department of Education and Training, TAFE Customer Support Copies of this document may be made for use in connection

More information

Angard Acceptable Use Policy

Angard Acceptable Use Policy Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants

More information

SAS TRUSTEE CORPORATION ( STC )

SAS TRUSTEE CORPORATION ( STC ) SAS TRUSTEE CORPORATION ( STC ) POLICY ON USE OF EMPLOYER COMMUNICATION DEVICES AND WORKPLACE SURVEILLANCE under the Workplace Surveillance Act 2005 File: B915 May 2011 Version 3 INDEX Policy Statement...

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Information Technology Security Policies

Information Technology Security Policies Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral

More information

Information Security Training 2012

Information Security Training 2012 Information Security Training 2012 Authored by: Gwinnett Medical Center Information Security Department Modified for affiliated schools students & instructors by: Linda Horst, RN, BSN, BC Objectives After

More information

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency

More information

Acceptable Use of ICT Policy For Staff

Acceptable Use of ICT Policy For Staff Policy Document Acceptable Use of ICT Policy For Staff Acceptable Use of ICT Policy For Staff Policy Implementation Date Review Date and Frequency January 2012 Every two Years Rev 1: 26 January 2014 Policy

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

Information Incident Management Policy

Information Incident Management Policy Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit

More information

Acceptable Use of Information. and Communication Systems Policy

Acceptable Use of Information. and Communication Systems Policy Use of Information Purpose of this document This document describes what is acceptable and what is unacceptable use of the company s systems. It has been prepared to help Intu Properties plc employees,

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

Information Systems Acceptable Use Policy for Learners

Information Systems Acceptable Use Policy for Learners Information Systems Acceptable Use Policy for Learners 1. Introduction 1.1. Morley College is committed to providing learners with easy access to computing and photocopying facilities. However it needs

More information

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

Human Resources Policy and Procedure Manual

Human Resources Policy and Procedure Manual Procedure: maintains a computer network and either purchases software for use in the network or develops proprietary software systems for Company use. Company employees are generally authorized to use

More information

ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF

ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF The African Academy of Sciences (AAS) Postal Address: P.O. Box 24916 00502, Nairobi, KENYA Physical Address: 8 Miotoni Lane, Karen, Nairobi Tel: +

More information

Policies Concerning the use of Computers

Policies Concerning the use of Computers Policies Concerning the use of Computers Shrewsbury School s Policies Concerning the use of Computers The Director of IT is responsible for the formulation and review of policies affecting the use of computers

More information

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012 Electronic Messaging Policy 1. Document Status Security Classification Level 4 - PUBLIC Version 1.0 Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Retention

More information

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of ICT Policy. Staff Policy Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.

More information

TITLE C169 COMPUTER USE, INTERNET & EMAIL POLICY DEPARTMENT Corporate Services POLICY DIRECTIVE HISTORY

TITLE C169 COMPUTER USE, INTERNET & EMAIL POLICY DEPARTMENT Corporate Services POLICY DIRECTIVE HISTORY TITLE C169 COMPUTER USE, INTERNET & EMAIL POLICY DEPARTMENT Corporate Services POLICY DIRECTIVE HISTORY Council Resolution No 313/03 adopted at the Ordinary Meeting of Council on 19 August 2003. PURPOSE

More information

Policy and Procedure Document. Information Security Incident Management Policy and Procedure

Policy and Procedure Document. Information Security Incident Management Policy and Procedure Policy and Procedure Document Information Security Incident Management Policy and Procedure [23/08/2011] Page 1 of 9 Document Control Organisation Redditch Borough Council Title Information Security Incident

More information

Acceptable Use Guidelines

Acceptable Use Guidelines Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines

More information

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3 Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Rules of the Road for Users of Smithsonian Computers and Networks

Rules of the Road for Users of Smithsonian Computers and Networks Rules of the Road for Users of Smithsonian Computers and Networks Introduction Smithsonian systems, networks and other computer resources are shared among Smithsonian employees, interns, visiting scholars,

More information

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document. Report to: Cabinet Date: 14 th October 2004. Report: of Head of Corporate Personnel Services Report Title: USE of INTERNET POLICY Summary of Report. The use of the Internet is growing rapidly. Over the

More information

Acceptable Use of Information and Communication Systems Policy

Acceptable Use of Information and Communication Systems Policy Use of Information and Communication Systems Policy Purpose of this document This document describes what is acceptable and what is unacceptable use of the company s systems. It has been prepared to help

More information

Rocklin Unified School District Employee Authorized Network, Internet Usage, and E-Mail Privacy Agreement

Rocklin Unified School District Employee Authorized Network, Internet Usage, and E-Mail Privacy Agreement Rocklin Unified School District Employee Authorized Network, Internet Usage, and E-Mail Privacy Agreement Please read this document carefully before signing: A. Upon employment all individuals permitted

More information

ENISA s ten security awareness good practices July 09

ENISA s ten security awareness good practices July 09 July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European

More information

COMPUTER USE POLICY City of Proctor

COMPUTER USE POLICY City of Proctor COMPUTER USE POLICY City of Proctor Purpose This policy serves to protect the security and integrity of the city s electronic communication and information systems by educating employees about appropriate

More information

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy )

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy ) ITU-10002 Computer Network, Internet Access & Email policy South Norfolk Council IT Unit Documentation www.south-norfolk.gov.uk Page : 2 of 8 Summary This policy informs all users about acceptable use

More information

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & E-MAIL) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED,

More information

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September

More information

IT ACCESS CONTROL POLICY

IT ACCESS CONTROL POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

Revelstoke Board of Education Policy Manual

Revelstoke Board of Education Policy Manual Revelstoke Board of Education Policy Manual 3.8 Computer, Internet and BCeSIS Usage and Access This policy shall govern the use of computer equipment, software, the network, e-mail, Internet and BCeSIS

More information

Cellular/Smart Phone Use Procedure

Cellular/Smart Phone Use Procedure Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This

More information

Internet, Email and Computer Use Policy

Internet, Email and Computer Use Policy Policy Reference Number Internet, Email and Computer Use Policy 16 CP Responsible Department Related Policies Corporate & Community Services Code of Conduct for Elected Members, Records Management, Risk

More information

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards EMMANUEL CE VA MIDDLE SCHOOL IT Security Standards 1. Policy Statement The work of Schools and the County Council is increasingly reliant upon Information & Communication Technology (ICT) and the data

More information

PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800

PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 ADMINISTRATIVE POLICY NO. 511 IMPLEMENTATION JANUARY 2014 EMPLOYEE ACCEPTABLE USE POLICY

More information

Central Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11

Central Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11 Central Bedfordshire Council IT Acceptable Use Policy Version 1.7 January 2016 Not Protected Not Protected Page 1 of 11 Policy Approval Central Bedfordshire Council acknowledges that information is a valuable

More information

Acceptable Use of Information Systems Policy

Acceptable Use of Information Systems Policy Information Governance & Management Framework Acceptable Use of Information Systems Policy Version 1.3 Produced by: Customer Services & Business Transformation Inverclyde Council Municipal Buildings GREENOCK

More information

Information & Communications Technology Usage Policy Olive AP Academy - Thurrock

Information & Communications Technology Usage Policy Olive AP Academy - Thurrock Information & Communications Technology Usage Policy Olive AP Academy - Thurrock Version Control Sheet Title: Purpose: Owner: Information Communications Technology Policy To advise staff of the procedures

More information

ICT Acceptable Use Policy

ICT Acceptable Use Policy ICT Acceptable Use Policy Document Management Document Disclaimer This document is issued only for the purpose for which it is supplied. Document Owner This document is produced and owned by Staffordshire

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Chronic Disease Management

Chronic Disease Management RESOURCE AND PATIENT MANAGEMENT SYSTEM Chronic Disease Management (BCDM) Version 1.0 Office of Information Technology (OIT) Division of Information Resource Management Albuquerque, New Mexico Table of

More information

HAZELDENE LOWER SCHOOL

HAZELDENE LOWER SCHOOL HAZELDENE LOWER SCHOOL POLICY AND PROCEDURES FOR MONITORING EQUIPMENT AND APPROPRIATE ICT USE WRITTEN MARCH 2015 SIGNED HEADTEACHER SIGNED CHAIR OF GOVERNORS DATE.. DATE. TO BE REVIEWED SEPTEMBER 2016

More information

Responsible Computer Use Policy for Students

Responsible Computer Use Policy for Students Responsible Computer Use Policy for Students Introduction By using the Sheldon College Network and ICT Services students agree to accept the terms and conditions outlined in this document. This policy

More information

Information Technology and Communications Policy

Information Technology and Communications Policy Information Technology and Communications Policy No: FIN-IT-POL-001 Version: 03 Issue Date: 10.06.13 Review Date: 10.06.16 Author: Robert Cooper Monitor Changes Approved by: Board of Governors Version

More information

DOL New Hire Training: Computer Security and Privacy

DOL New Hire Training: Computer Security and Privacy DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate

More information

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc.

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc. Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy ATHLONE INSTITUTE OF TECHNOLOGY I.T Acceptable Usage Staff Policy Table of Contents 1. Purpose... 2 2. Terminology... 2 3. Scope... 2 4. Acceptable Usage Policy... 3 5. Policy Acceptance... 6 6. Policy

More information

Acceptable Use of Information Technology Policy

Acceptable Use of Information Technology Policy Acceptable Use of Information Technology Policy Date created: January 2006 Updated Review date: April June 2008 Review date: Oct Dec 2009 Introduction VAW provides IT facilities for promoting its charitable

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

School Information Security Policy

School Information Security Policy School Information Security Policy Created By: Newport Education Service Date Created: 22 December 2009 Version: V1.0 Contents Background... 3 IT Infrastructure... 3 IT Access... 3 Acceptable use policy...

More information

Information Security Incident Management Policy

Information Security Incident Management Policy Information Security Incident Management Policy Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT Policy & Regulation

More information

Email Services Policy

Email Services Policy Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages

More information

Valdosta State University. Information Resources Acceptable Use Policy

Valdosta State University. Information Resources Acceptable Use Policy Valdosta State University Information Resources Acceptable Use Policy Date: December 10, 2010 1. OVERVIEW... 3 2. SCOPE... 3 3. DESIGNATION OF REPRESENTATIVES... 3 3.1 UNIVERSITY PRESIDENT... 3 3.2 VICE

More information

REGION 19 HEAD START. Acceptable Use Policy

REGION 19 HEAD START. Acceptable Use Policy REGION 19 HEAD START Acceptable Use Policy 1.0 Overview Research, Evaluation, Assessment and Information Systems (R.E.A.I.S.) intentions for publishing an Acceptable Use Policy are not to impose restrictions

More information

EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No. 14197

EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No. 14197 (Return this page to the Executive Staff member or Principal) MEMPHIS CITY SCHOOLS EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No. 14197 As a condition of using the MCS network, I

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

Sibford School Student Computer Acceptable Use Policy

Sibford School Student Computer Acceptable Use Policy Introduction Sibford School Student Computer Acceptable Use Policy The use of the latest technology is actively encouraged at Sibford School but with this comes a responsibility to protect both students

More information

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY T: 1300 00 ENSA (3672) F: 03 9421 6109 (ENSA) INTERNET ACCEPTABLE USE POLICY 1 ABOUT THIS POLICY... 2 2 GENERAL... 2 3 ILLEGAL ACTIVITY... 2 4 SECURITY... 2 5 RISKS OF THE INTERNET... 3 6 CONTENT PUBLISHING...

More information

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted

More information

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Computer Network & Internet Acceptable Usage Policy. Version 2.0 Computer Network & Internet Acceptable Usage Policy Version 2.0 April 2009 Document Version Control Version Date Description 1.0 Sept 2003 Original Version (adopted prior to establishment of BoM) 2.0 March

More information

HIPAA and Health Information Privacy and Security

HIPAA and Health Information Privacy and Security HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient

More information

POLICY ON USE OF INTERNET AND EMAIL

POLICY ON USE OF INTERNET AND EMAIL POLICY ON USE OF INTERNET AND EMAIL OVERVIEW Public sector employees are accountable for their use and management of all public resources including the use of services such as the Internet and electronic

More information

INTERNET, EMAIL AND COMPUTER USE POLICY.

INTERNET, EMAIL AND COMPUTER USE POLICY. INTERNET, EMAIL AND COMPUTER USE POLICY. CONSIDERATIONS Code of Conduct Discipline and termination policy Privacy Policy Sexual Harassment policy Workplace Health & Safety Policy LEGISLATION Copyright

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information