MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE. Documentation Control. Consultation undertaken Information Governance Committee
|
|
- Ross Gibbs
- 8 years ago
- Views:
Transcription
1 MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE Documentation Control Reference GG/INF/020 Date Approved 13 Approving Body Directors Group Implementation date 13 Supersedes Not Applicable Consultation undertaken Information Governance Committee Date of Completion of September 2010 Equality Impact Assessment Target Audience NUH staff Supporting Procedure Information Security Procedure Review Date September 2013 Lead Executive Director of Health Informatics Author / Lead Manager Information Security Adviser Further Guidance/ ICT Information Security Ext Information Mobile Computing & Remote Working Policy 1
2 CONTENTS Paragraph Title Page 1. Aim and Scope 3 2. Definitions 4 3. Information Risk 5 4. Management Responsibility 7 5. Staff Responsibility 9 6. General policy statements Incident Reporting Termination of employment Disposal of Media and Equipment Equality and Diversity Statement Equality Impact Assessment Statement Environmental Impact Assessment Implementation and Monitoring plan Review Associated Documentation We Are Here For You 16 Appendix A Appendix B Appendix C We Are Here For You Toolkit 17 Equality Impact Assessment Report 20 Employee Record of Having Read the Policy 21 Mobile Computing & Remote Working Policy 2
3 1. Aim and Scope 1.1 This policy is aimed at all NUH staff who access and use Trust information by connecting remotely to secure servers by using dial-in technology or by using mobile devices. NUH staff includes temporary workers, locums and staff seconded or contracted from other organisations, as well as permanent staff, who have access to and use NUH information. 1.2 The Trust is required to have appropriate procedures for ensuring that mobile and teleworking are conducted in a secure manner in order to satisfy statutory and mandatory standards of information security. This is a key Information Governance requirement (Ref 8-314). 1.3 Any information that is related to and can identify a living individual, is personal data protected by the principles of the Data Protection Act 1998 (DPA). The 7 th DPA principle states that Appropriate technical and organisational measures shall be taken against accidental loss or destruction of, or damage to personal data 1.4 The confidential and business sensitive Trust information that warrants protection by adherence to this policy includes any information concerning patients and staff and any other information that would cause commercial or reputational harm, if it was exposed to somebody who should not see it. 1.5 This policy covers: Connection to the Trust network remotely The processing of Trust information away from Trust premises The processing of Trust information on mobile devices 1.6 This policy is designed to mitigate the information risks of loss, misuse and unauthorised access, to confidential or sensitive Trust information when it is accessed and/or removed from the secure systems or premises. 1.7 NHS Policy says there shall be no movement of identifiable personal information without encryption (David Nicholson Gateway Ref: 9424) 1.8 Adherence to this policy will ensure that the Trust meets legal obligations and national standards in information security. It sets the rules that all staff must follow to ensure Mobile Computing & Remote Working Policy 3
4 that confidentiality of personal and business data is maintained and ensures that patients, staff and visitors have confidence in the Trusts standards in information management and security. 1.9 Failure to comply with the requirements of this policy may result in an individual being forbidden to work remotely and may lead to disciplinary action. In some circumstances loss of Trust data can result in prosecution The scope of this policy does not include the health and safety risks of working from home environment or associated insurance, taxation, mortgage or lease conditions or any other aspect or Trust policy that managers need to take into consideration when agreeing to home working. 2. Definitions 2.1 Mobile devices, (also called Portable Computer Devices) This includes any equipment that can store information independently from the Trust s fixed secure network servers and transport it to any location, in particular away from NUH premises. Typically this will include laptops, notebooks, tablet PCs, palmtops, personal digital assistants, but also includes digital devices such as dictaphones and mobile phones. 2.2 Removable Media or Data Storage Media Any physical item that can store digital information and requires another device to access it. For example, CD, DVD, floppy disc, tape, flash memory cards, USB data sticks and portable hard drives. Essentially anything that you can copy and save and/or write data onto which can then be taken away and restored onto another computer. 2.3 Remote Working Accessing trust data whilst working away from your normal fixed place of work, via any of the following means: Mobile Computing - Working at any location, using mobile devices and/or removable media (listed above) Teleworking and home working - Working at home or any location other than your normal work base requiring periods of access to NUH Information systems. Mobile Computing & Remote Working Policy 4
5 Remote connection - Authorised staff can access data held on the Trust s secure server remotely using a VPN (Virtual Private Network) token. The system allows access from any Internet connected PC referred to as the Host PC 2.4 Encryption Encryption is mandatory on mobile devices to ensure the security of confidential information. 2.5 Unauthorised use and unauthorised access Unauthorised use is when any individual who is not the staff member responsible for the security of that data, mobile device, portable equipment or the password holder and who does not have any right or justification (authority) to have that data gains access to data, including sight of data, accidentally or deliberately. Such access is referred to as unauthorised access. Unauthorised access to personal data is illegal. 3. Information Risk This policy is designed to provide direction to NUH staff to mitigate the risks of loss, misuse and unauthorised access, to confidential or sensitive Trust information when it is accessed remotely or removed from the secure systems or premises on a mobile device or removable media. The risks to information in these circumstances are specified below and staff and managers should be aware of these risks and know how to manage them: 3.1 Theft, loss or damage of equipment Equipment and data in transit is at particular risk of being damaged, lost or stolen. Precautions should be taken to ensure equipment and data is not left unattended in public areas and exposed to unauthorised access an/or theft. Mobile Computing & Remote Working Policy 5
6 3.2 Unauthorised access to data Unauthorised access to data is possible in a number of ways. Staff must not leave equipment or media containing confidential data in places where it may be seen, accessed or used by unauthorised individuals. Unauthorised individuals may attempt to gain access to data through technical means such as sniffing or through guessed passwords. Encrypted data on media or encrypted transfer of data e.g. by , strong access controls and user identification/authentication and strong wireless networks are essential information security protections necessary to reduce the risk of unauthorised access to Trust data. 3.3 Malicious and unauthorised mobile code All mobile devices and removable media should have their anti-spyware components regularly updated to protect against these types of attacks. 3.4 Data backups Mobile devices such as laptops should be configured so that data processed on them is synchronised to the Trust s secure network and must be connected to the servers on a regular basis. Only the minimum amount of data required must be carried in mobile devices at any one time to reduce the risk of the potential impacts of unforeseen events. 3.5 Working environment The location for teleworking and homeworking must be risk assessed and should cover: Physical security, for example, the risks of home burglary and loss of equipment may need to be mitigated through the use of physical security devices such as Kensington locks or anchorpad encasements. Compliance with Display Screen Equipment regulations, if appropriate. For example, having a workstation with an adjustable chair and suitable lighting. Mobile Computing & Remote Working Policy 6
7 Environmental conditions, for example, ensuring that NUH equipment or data is not held in an area where heat, cold, water or dampness could cause damage. Measures to remove or minimise risks shall be implemented as necessary. 3.6 Equipment ownership NUH is responsible for ensuring that staff have the necessary facilities and equipment in order for them to do their job. The use of employee owned equipment for Trust business purposes introduces additional risks to the security of information that may not be obvious and beyond the control of the organisation. For example, accidental unauthorised access to data by other family members using the same equipment and/or accidental disclosure of confidential information through inadequate security protection or insecure disposal of redundant equipment, loss and/or inaccessibility of data to the Trust, illegal data processing. Trust data must not therefore be downloaded and held on personal equipment. The two approved secure options for accessing data when working remotely are either: a) Use of official Trust issued mobile devices to hold and access trust data from an encrypted hard-drive or to download and read data held on encrypted portable media b) By secure token dial-in access to data held on Trust servers via the Virtual Private Network (VPN). 4. Management Responsibilities Mobile working and remote working must be authorised and controlled by managers. The NHS structured approach to information risk management has been implemented within NUH as follows: Accountable Officer (AO) Chief Executive Senior Information Risk Owner (SIRO) Director of ICT Information Asset Owners (IAO) Clinical and Corporate Directors Mobile Computing & Remote Working Policy 7
8 Information Asset Assistants (IAA) Directorate managers nominated by and provide support to the IAO 4.1 Clinical and Corporate Directors As IAOs, Directors are responsible for the management of information risk within their Directorate and in particular are responsible for ensuring their staff are aware of the information risks identified within this policy and take responsible action to mitigate them. IAOs must ensure procedures are in place within their Directorate to enable the identification and assessment of information risks of mobile computing and remote working and the implementation of control measures, including staff training and awareness to mitigate the risks. IAOs must ensure all mobile and teleworkers are appropriately approved and authorised. This should include a procedure to ensure that mobile computing and removable media devices used are approved Trust equipment that has been encrypted. Equipment holding Trust data is an information asset and must be recorded on the Trust s Information Asset Register Regular audits should be undertaken to ensure all users are approved, that mobile devices issued can be accounted for and that assurance can be given to the SIRO that identified risks are adequately controlled and managed. 4.2 Managers Managers are responsible for ensuring that all their staff have read and understood this policy prior to authorising remote working and mobile computing arrangements. They must ensure that staff work in compliance with this policy and other appropriate legislation and Trust policies. This includes the responsibility for ensuring that risk assessments are or have been carried out and that suitable controls are put in place and remain in place to either eradicate or minimise any identified risks to the security of NUH information. Mobile Computing & Remote Working Policy 8
9 4.3 SIRO The Director of ICT, as the Trust s appointed SIRO, is responsible for ensuring that identified information security risks are managed through an assurance framework. The SIRO will ensure specialist advisory support is provided to the IAOs and IAAs to assist them to carry out their responsibilities, including advice on the interpretation and application of this policy where required. 5. Staff Responsibilities 5.1 All staff, whether permanent, temporary or contracted, must be aware or their own individual responsibilities for the maintenance of confidentiality, data protection, information security management and information quality and understand they are duty bound and legally required to comply with this policy. 5.2 Failure to comply with this policy may result in disciplinary action being taken, which may result in the withdrawal of authorisation and facility to work remotely. 5.3 Staff shall inform their manager if they have any concerns about any issues that would constitute an information risk. This covers not only risks to resources or confidentiality of data, but also personal risk, risk to others and risk to the Trust s reputation. 5.4 Staff need to demonstrate to their line manager that they have read and understood this policy and are aware of their responsibility for the protection and security of the Trust information they have access to and use. They must agree with their managers exactly how they will ensure that this policy is fully met when working away from NUH controlled premises. 5.5 Staff who are authorised to work remotely, or from home, shall only access the Trust information that they need in order to do their job by either: Remote VPN connection, or Use of an encrypted mobile device issued by the Trust 5.6 Holding personal data on anything other than Trust equipment is a breach of the Data Protection Act Staff Mobile Computing & Remote Working Policy 9
10 are not permitted to hold person identifiable data or any other Trust sensitive data on personally owned equipment, in particular home PCs. This includes, for example, uploading Trust data from removable media directly onto the hard-drive of a personally owned PC at home, or bypassing the secure encryption methods by ing confidential or sensitive Trust information to their personal accounts. 5.7 Holding other commercially or business sensitive Trust data on personal equipment would breach Trust policies concerning information security and records management. 5.8 Staff who regularly work remotely should access information directly from the Trust s systems via the VPN to avoid having to transport information and to mitigate the risk of accidental loss of data and equipment. 5.9 Where the Trust has supplied any form of mobile device or media, only appropriately authorised members of staff are allowed to have any access to it. Staff must not allow an unauthorised person to use and/or access information held on the device, e.g. a member of their household, either deliberately or inadvertently Staff must not, under any circumstances, disclose their network user name, or password, or personal PIN number to anyone or allow anyone to use their VPN token to gain access to trust data Staff must not connect any Trust supplied equipment to any phone line, internet connection (including WiFi) or other computer, unless they have been given written authority by the Trust s Information Security Adviser and access to either the NHS network or the Trust s network via a secure remote link Where staff have been supplied with a mobile device they are responsible for ensuring that it is regularly connected to the Trust s network on-site for upgrade of anti-virus software and other licensing requirements Staff working remotely by using portable devices or removable media must keep equipment, files and media locked out of sight during transit, and must also ensure any equipment is not left unattended or insecure when off site to prevent accidental loss and unauthorised access at all times, Mobile Computing & Remote Working Policy 10
11 including within their home. Particular care must be taken when media and equipment are taken on to public transport The use of personal information in public areas must be kept to an absolute minimum, due to the threats of overlooking and to discourage theft Authorisation must be obtained from the individual s line manager before any patient or staff or confidential information is taken away from your normal work location. Trust information must only be used for Trust related purposes in connection with your work Staff are responsible for ensuring that unauthorised individuals are not able to see any confidential Trust information or access Trust systems. Only members of staff are allowed access to information being used at home in any form, on any media Establishing support arrangements for software on non-trust Host PCs e.g. personal PCs at home, necessary to access Trust data via VPN is the responsibility of the staff member/user. No support is provided by the ICT department or helpdesk All users are required to understand and abide by the principles laid down in this policy document. Users must treat Remote Access and Mobile Computing systems as if they were using Trust systems from their desk based on-site Staff must ensure that removable media must not be used to store inappropriate images or files, and the content of all information stored on mobile devices and media is in line with Trust policy. 6. General Policy Statements 6.1 The Trusts approved method of remote connection is the virtual private network (VPN) managed by ICT Services. This system requires access via a hardware token which generates a random identification number. The user then needs to input username and password which ensures strong authentication in line with Department of Health requirements. Access to desktop , diary and some of the Trusts clinical systems is possible using the VPN. This system uses: Mobile Computing & Remote Working Policy 11
12 automatic encryption (256 bit) Cisco Secure Desktop technology Users will be required to sign a declaration before VPN access is granted. 6.2 Trust owned mobile devices and media must be encrypted if they contain person identifiable information (PID) or other sensitive data. Any sensitive data sent to or from that device should be encrypted during transit. 6.3 Mobile phones and similar devices used for access must have the security PIN number enabled. 6.4 Mobile phones must not be used to take photographs of patients 6.5 In accordance with the NHS Statement of Compliance, only NUH owned or managed equipment is to be connected to the Trust s network. This includes all mobile devices. 6.6 Person identifiable data, or other confidential Trust data must not be stored permanently on mobile devices or media. Where possible information should be transferred to the Trust s secure network and deleted from the device as soon as possible. 6.7 Unauthorised software must not be installed onto Trust mobile devices 6.8 Anti virus scanning software must be installed and regularly updated. 6.9 Redundant Trust equipment must be returned to ICT for secure disposal Confidential and sensitive business information held as paper format must be similarly protected against loss, damage, misuse and/or unauthorised access at all times Confidential and sensitive information must be held in a lockable secure container for transportation, including transportation from one hospital campus to the other Patient Medical Records must not be held at home unless there are exceptional circumstances and authorised by a manager following an assessment and assurance that adequate security is in place to protect those records off site. A record of their location and a contact number must be Mobile Computing & Remote Working Policy 12
13 provided to ensure the availability of those records 24/7 if they are required in an emergency. 7. Incident Reporting Staff and Managers are responsible for reporting any incident related to the loss, damage, accidental disclosure or unauthorised access of Trust data in accordance with the Trust s incident reporting procedures. Such incidents should also be reported to the Information Security Officer, ICT via the ICT Helpdesk ext Termination of Employment 8.1 On leaving the employment of the Trust, all equipment, software and information must be returned to the line manager. 9. Secure Disposal of Media and Equipment 9.1 The disposal of media containing personal identifiable or Trust sensitive information must only take place at the Trust in line with on-site confidential waste and disposal procedures. Staff with such media to dispose of, are responsible for returning it to the site and following the confidential waste procedures for the campus. 9.2 Redundant IT equipment must be returned to ICT for secure disposal that ensures total and unrecoverable destruction of drives holding confidential data. 10. Equality and Diversity Statement All patients, employees and members of the public should be treated fairly and with respect, regardless of age, disability, gender, marital status, membership or non-membership of a trade union, race, religion, domestic circumstances, sexual orientation, ethnic or national origin, social & employment status, HIV status, or gender re-assignment. Mobile Computing & Remote Working Policy 13
14 All trust polices and trust wide procedures must comply with the relevant legislation (non exhaustive list): Equal Pay Act (1970 and amended 1983) Sex Discrimination Act (1975 amended 1986) Race Relations (Amendment) Act 2000 Disability Discrimination Act (1995) Employment Relations Act (1999) Rehabilitation of Offenders Act (1974) Human Rights Act (1998) Health & Safety at Work Act 1974 Trade Union and Labour Relations (Consolidation) Act 1999 Code of Practice on Age Diversity in Employment (1999) Part Time Workers - Prevention of Less Favourable Treatment Regulations (2000) Fixed Term Employees - Prevention of Less Favourable Treatment Regulations (2001) Employment Equality (Sexual Orientation) Regulations 2003 Employment Equality (Religion or Belief) Regulations 2003 Employment Equality (Age) Regulations 2006 Equality Act (Sexual Orientation) Regulations Equality Impact Assessment Statement NUH is committed to ensuring that none of its policies, procedures, services, projects or functions discriminate unlawfully. In order to ensure this commitment all policies, procedures, services, projects or functions will undergo an Equality Impact Assessment. Reviews of Equality Impact Assessments will be conducted inline with the review of the policy, procedure, service, project or function. 12. Environmental Impact Assessment Following the initial screening of this policy, a full impact assessment is not required at present as the policy does not create any environmental impact. Mobile Computing & Remote Working Policy 14
15 13. Implementation and Monitoring Plans The Directors Group are responsible for the ratification of this policy. The Directors, as IAOs, are responsible for the implementation of this policy within their respective directorate. Regular audits should be undertaken to ensure all users are approved, that mobile devices issued can be accounted for and that assurance can be given to the SIRO that identified risks are adequately controlled and managed. Adherence to this policy will be monitored via the investigation and analysis of information security incidents reported to the Information Governance Committee by the Information Security Adviser. The SIRO and reported to the Directors Group by the SIRO. 14. Review The Information Governance Committee is responsible for the review of this policy. 15. Associated Documentation Internet Usage and Monitoring Policy. Information Security & Data Protection Policy. Information Security & Data Protection Procedure. Information Sharing Protocol. Records management policies Disciplinary policy policy Mobile Computing & Remote Working Policy 15
16 16. We Are Here For You This Trust is committed to providing the highest quality of care to our patients, so we can pledge to them that we are here for you. This Trust supports a patient centred culture of continuous improvement delivered by our staff. The Trust established the Values and Behaviours programme to enable Nottingham University Hospitals to continue to improve patient safety, outcomes and experiences. The set of twelve agreed values and behaviours explicitly describe to employees the required way of working and behaving, both to patients and each other, which would enable patients to have clear expectations as to their experience of our services. Mobile Computing & Remote Working Policy 16
17 Appendix A We Are Here For You Policy and Trust-wide Procedure Compliance Toolkit The We Are Here For You service standards have been developed together with more than 1,000 staff and patients. They can help us to be more consistent in what we do and say to help people to feel cared for, safe and confident in their treatment. The standards apply to how we behave not only with patients and visitors, but with all of our colleagues too. They apply to all of us, every day, in everything that we do. Therefore, their inclusion in Policies and Trust-wide Procedures is essential to embed them in our organization. This toolkit has been designed for Policy Owners to assess the compliance of their Policy or Trust-wide Procedure in light of the We Are Here For You values. It is now mandatory for all Policies and Trust-wide Procedures to incorporate the We Are Here For You Values and undergo this compliance assessment. Please complete the grid below to assess your Policy or Trust-wide Procedure. The toolkit will then advise Policy-owners on the steps they need to take to become We Are Here For You compliant. To what extent is your Policy or Trust-wide Procedure affected by the following We Are Here For You values? Please rate each value from 1 3 (1 being not at all, 2 being affected and 3 being very affected) 1. Polite and Respectful Whatever our role we are polite, welcoming and positive in the face of adversity, and are always respectful of people s individuality, privacy and dignity. 2. Communicate and Listen We take the time to listen, asking open questions, to hear what people say; and keep people informed of what s happening; providing smooth handovers. 3. Helpful and Kind All of us keep our eyes open for (and don t avoid ) people who need help; we take ownership of delivering the help and can be relied on Mobile Computing & Remote Working Policy 17
18 4. Vigilant (patients are safe) Every one of us is vigilant across all aspects of safety, practices hand hygiene and demonstrates attention to detail for a clean and tidy environment everywhere On Stage (patients feel safe) We imagine anywhere that patients could see or hear us as a stage. Whenever we are on stage we look and behave professionally, acting as an ambassador for the Trust, so patients, families and carers feel safe, and are never unduly worried Speak Up (patients stay safe) We are confident to speak up if colleagues don t meet these standards, we are appreciative when they do, and are open to positive challenge by colleagues. 7. Informative We involve people as partners in their own care, helping them to be clear about their condition, choices, care plan and how they might feel. We answer their questions without jargon. We do the same when delivering services to colleagues Timely We appreciate that other people s time is valuable, and offer a responsive service, to keep waiting to a minimum, with convenient appointments, helping patients get better quicker and spend only appropriate time in hospital Compassionate We understand the important role that patients and family s feelings play in helping them feel better. We are considerate of patients pain, and compassionate, gentle and reassuring with patients and colleagues Accountable Take responsibility for our own actions and results 1 Mobile Computing & Remote Working Policy 18
19 11. Best Use of Time and Resources Simplify processes and eliminate waste, while improving quality Improve Our best gets better. Working in teams to innovate and to solve patient frustrations 1 TOTAL 15 Mobile Computing & Remote Working Policy 19
20 Appendix B Equality Impact Assessment Report Outline 1. Name of Policy or Service Mobile Computing and Remote Working Policy & Procedure 2. Responsible Manager Andrew Fearn 3. Name of Person Completing Assessment David Cadwell 4. Date EIA Completed 29 th July Description and Aims of Policy/Service (including relevance to equalities) The aim of this policy is to ensure that the statutory and mandatory standards concerning confidentiality and security of information are maintained when NUH staff access Trust information remotely i.e. from somewhere off-site or take work away from site using mobile devices such as laptops or removable media devices such as USBs. 6. Brief Summary of Research and Relevant Data See policy 7. Methods and Outcome of Consultation INFORMATION GOVERNANCE COMMITTEE Mobile Computing & Remote Working Policy 20
21 8. Results of Initial Screening or Full Equality Impact Assessment: Equality Group Age Gender Race Sexual Orientation Religion or belief Disability Dignity and Human Rights Working Patterns Social Deprivation Assessment of Impact No Impact Identified No Impact Identified No Impact Identified No Impact Identified No Impact Identified No Impact Identified No Impact Identified No Impact Identified No Impact Identified 9. Decisions and/or Recommendations (including supporting rationale) Following the initial screening of this policy, a full impact assessment is not required at present as the policy relates to records management. 10. Equality Action Plan (if required) N/A 11. Monitoring and Review Arrangements (including date of next full review) Every three years, unless legislation or NHS Information Security and Governance requirements change Mobile Computing & Remote Working Policy 21
22 Appendix C EMPLOYEE RECORD OF HAVING READ THE POLICY MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE I have read and understand the principles contained in the named policy. PRINT FULL NAME SIGNATURE DATE Mobile Computing & Remote Working Policy 22
ALCOHOL, DRUG OR SUBSTANCE MISUSE POLICY Documentation Control
Supporting Documents and References ALCOHOL, DRUG OR SUBSTANCE MISUSE POLICY Documentation Control Reference HR/P&C/006 HR/P&C/006 Approving Body Trust Board 5th August, 2010 Date Approved Approving Body
More informationNOTTINGHAM UNIVERSITY HOSPITALS NHS TRUST MOBILE COMPUTING & REMOTE WORKING POLICY. Documentation Control
NOTTINGHAM UNIVERSITY HOSPITALS NHS TRUST MOBILE COMPUTING & REMOTE WORKING POLICY Documentation Control Reference Approving Body GG/INF/020 Directors Group Date Approved 24 Implementation Date 24 Summary
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationPolicy: Remote Working and Mobile Devices Policy
Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014
More informationIM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
More informationLAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationNHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction
NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationABERDARE COMMUNITY SCHOOL
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationREMOTE WORKING POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationPortable Devices and Removable Media Acceptable Use Policy v1.0
Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working
More informationCOVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name
COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access
More informationSlips, Trips and Falls Policy. Documentation Control
Documentation Control Reference HS/SP/015 Date approved 23 Approving body Directors Group Implementation date 23 Supersedes Version 2 (March 2010) Consultation undertaken Trust Health and Safety Committee
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationNetwork Security Policy
Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationNOTTINGHAM UNIVERSITY HOSPITALS NHS TRUST. PATIENT DATA QUALITY POLICY Documentation Control
NOTTINGHAM UNIVERSITY HOSPITALS NHS TRUST PATIENT DATA QUALITY POLICY Documentation Control Reference GG/INF/019 Approving Body Directors Group Date Approved 16 Implementation Date 16 Summary of Changes
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationHow To Protect School Data From Harm
43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More informationAcceptable Use of ICT Policy. Staff Policy
Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.
More informationSummary Electronic Information Security Policy
University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture
More informationVersion: 2.0. Effective From: 28/11/2014
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More informationCCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationIxion Group Policy & Procedure. Remote Working
Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third
More informationCellular/Smart Phone Use Procedure
Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This
More informationStandard Operating Procedure. Secure Use of Memory Sticks
Standard Operating Procedure Secure Use of Memory Sticks DOCUMENT CONTROL: Version: 2.1 (Amendment) Ratified by: Finance, Infrastructure and Business Development Date ratified: 20 February 2014 Name of
More informationDene Community School of Technology Staff Acceptable Use Policy
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationData Protection Guidance
53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection
More informationSafe Haven Policy. Equality & Diversity Statement:
Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review
More informationConditions of Use. Communications and IT Facilities
Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationBurton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review:
POLICY DOCUMENT Burton Hospitals NHS Foundation Trust INFORMATION SECURITY POLICY Approved by: Executive Management Team On: 16 January 2014 Review Date: December 2015 Corporate / Directorate Clinical
More informationDevelopment / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review
Blakeley Heath Primary School E-Safety Policy Development / Monitoring / Review of this Policy This e-safety policy has been developed by a working group made up of: Headteacher Coordinator Staff including
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationPS177 Remote Working Policy
PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection
More informationAcceptable Use Guidelines
Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More informationHAZELDENE LOWER SCHOOL
HAZELDENE LOWER SCHOOL POLICY AND PROCEDURES FOR MONITORING EQUIPMENT AND APPROPRIATE ICT USE WRITTEN MARCH 2015 SIGNED HEADTEACHER SIGNED CHAIR OF GOVERNORS DATE.. DATE. TO BE REVIEWED SEPTEMBER 2016
More informationSERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0
SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY
More informationPolicies and Procedures. Policy on the Use of Portable Storage Devices
Policies and Procedures Policy on the Use of Date Approved by Trust Board Version Issue Date Review Date Lead Person One May 2008 Dec 2012 Head of ICT Two Dec 2012 Dec 2014 Head of ICT Procedure /Policy
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationRemote Access and Home Working Policy London Borough of Barnet
Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and
More information1. GENERAL INFORMATION Job Title: IT Support Assistant (2)
1. GENERAL INFORMATION Job Title: IT Support Assistant (2) Location: Longbow Responsible To: IT Manager Responsible For: Nil 2. JOB SUMMARY To provide initial technical support for the day to day provision
More informationYMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY
YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationInformation Security Policy London Borough of Barnet
Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationEncryption Policy Version 3.0
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationCentral Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11
Central Bedfordshire Council IT Acceptable Use Policy Version 1.7 January 2016 Not Protected Not Protected Page 1 of 11 Policy Approval Central Bedfordshire Council acknowledges that information is a valuable
More informationDublin Institute of Technology IT Security Policy
Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David
More informationPolicy Document. IT Infrastructure Security Policy
Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT
More informationAGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader
AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationBring Your Own Device (BYOD) Policy
Bring Your Own Device (BYOD) Policy Document History Document Reference: Document Purpose: Date Approved: Approving Committee: To set out the technical capabilities of the chosen security solution Airwatch
More informationBulk Data Transfer Guidelines
Bulk Data Transfer Guidelines This procedural document supersedes: CORP/ICT 20 v.1 Bulk Data Transfer. Did you print this document yourself? The Trust discourages the retention of hard copies of policies
More informationICT POLICY AND PROCEDURE
ICT POLICY AND PROCEDURE POLICY STATEMENT St Michael s College regards the integrity of its computer resources, including hardware, databases and software, as central to the needs and success of our day-to-day
More informationData and Information Security Policy
St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationThe Ministry of Information & Communication Technology MICT
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
More informationInformation Security Policy
Document reference: Version 3.0 Date issued: April 2015 Contact: Matthew Jubb Information Security Policy Revision History Version Summary of changes Date V1.0 First version finalised. February 2006 V1.1
More informationAuthorised Acceptable Use Policy 2015-2016. Groby Community College Achieving Excellence Together
Groby Community College Achieving Excellence Together Authorised Acceptable Use Policy 2015-2016 Reviewed: Lee Shellard, ICT Manager: May 2015 Agreed: Leadership & Management Committee: May 2015 Next review:
More informationProtection of Computer Data and Software
April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal
More informationMerthyr Tydfil County Borough Council. Information Security Policy
Merthyr Tydfil County Borough Council Information Security Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of
More informationGrasmere Primary School Asset Management Policy
Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the
More informationWhy do we need to protect our information? What happens if we don t?
Warwickshire County Council Why do we need to protect our information? What happens if we don t? Who should read this? What does it cover? Linked articles All WCC employees especially mobile and home workers
More informationTENDERING AND CONTRACT PROCEDURES. Documentation Control. Reference Corporate Governance Framework Chapter 6 Date approved
TENDERING AND CONTRACT PROCEDURES Documentation Control Reference Corporate Governance Framework Chapter 6 Date approved Approving Body Trust Board Implementation date 1 June 2010 Version 4 Supersedes
More informationSECURITY POLICY REMOTE WORKING
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationKenmore State High School Student Laptop Charter
Kenmore State High School Student Laptop Charter 2 Contents Student Laptop Charter... 4 Loan equipment... 4 Equipment ownership... 5 Fee for provision of laptop... 5 Laptop care... 6 Data security... 6
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationInformation Incident Management. and Reporting Policy
Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:
More informationSchool of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy
School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy Page 1 of 10 Contents 1 Preamble...3 2 Purpose...3 3 Scope...3 4 Roles and responsibilities...3
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationData Protection and Information Security. Procedure for reporting a breach of data security. April 2013
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
More information