Trust Informatics Policy. Information Governance Department. Computer Antivirus Management Policy
|
|
- Lorin Rich
- 8 years ago
- Views:
Transcription
1 Document Control Trust Informatics Policy Information Governance Department Computer Antivirus Management Policy Document Title Author/Contact Computer Antivirus Management Policy Pauline Nordoff-Tate, Information Assurance Manager Document Reference 15 Version 3 Status Approved Publication Date 26 th July 2012 Review Date 26 th July 2014 Approved by Dr Peter Williams Caldicott Guardian 23 rd July 2012 Ratified by (Relevant Group) Information Governance Group. 23 rd July 2012 Distribution: Royal Liverpool and Broadgreen University hospitals NHS Trust-intranet using SharePoint which will maintain the policy document in conjunction with each document author. Please note that the Intranet version of this document is the only version that is maintained. Any printed copies should therefore be viewed as uncontrolled and as such, may not necessarily contain the latest updates and amendments. Computer Anti-Virus Policy
2 Table of Contents Heading Page Number Control Sheet 1.0 Introduction Objective Scope Policy Malware Trojan Virus Worm Zero Day Antivirus Updates - Change Management Antivirus Updates - Desktop Server Antivirus Server Software Patch Management - Change Management Security Updates Testing Roles and Responsibilities IT Department Managers Staff Associated Documents and References Training & Resources Monitoring and Audit Equality and Diversity Recording and Monitoring of Equality & Diversity 5 Appendix 1 - Glossary of Terms 6 Computer Anti-Virus Policy i
3 Appendix 2 Blocked File Extensions 7 Appendix 3 - Document History / Version control 9 Computer Anti-Virus Policy ii
4 1.0 Introduction The Trust recognises that the Computer Antivirus Management Policy is a valuable resource in the prevention of various computer viruses within the environment. This policy is not a definitive statement of the purposes as there are likely to be new breakouts on a regular basis. Regular assessments are needed to ensure the security and reliability of the Trust s environment. This Policy should be read in conjunction with other Informatics Policies and the Staff Code of Conduct. This Policy is to be treated as a term of the employment contract. 2.0 Objective This policy aims to detail the approach that has been adopted by the Trust in relation to the management of threats resulting from the existence of malicious code (virus, worm, Trojan etc). 3.0 Scope External threat sources are increasingly utilising viruses and malicious code in their attempts to compromise systems, gain unauthorised access to information and to take control of computer resources. The wide proliferation of Worms, Trojans and the existence of Zero Day exploits dictates the requirement for a robust Antivirus management approach. The Trust has an obligation to ensure that all information processed during the normal operational practices are safe from such threats. 4.0 Policy The Policy acts as a guidance tool to protect the Trust networks and services from: 4.1 Malware Software intended to cause harm or disruption to computers or networks. There are many classifications of Malware but as a general term it deals with all forms of viruses, Trojan s and other software designed with malicious intent. 4.2 Trojan A program designed to covertly allow access to a machine without the users knowledge. A Trojan usually installs itself while disguised as a legitimate file or through social engineering methods with the intention of an attacker being able to control the target machine and abuse its resources. 4.3 Virus A malicious program or piece of code that is loaded onto a computer without permission and runs against your wishes. Computer Anti-Virus Policy Page 1
5 4.4 Worm A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down. 4.5 Zero Day A zero-day (0-day) exploit, is an exploit that takes advantage of security vulnerabilities on the same day that the vulnerabilities become generally known. 4.6 Antivirus Updates - Change Management The daily update of the antivirus signature databases is automatic and is classed as a routine change under the Trust Change Management procedures. Any change conducted to the application itself will be conducted in accordance with the Change Management procedures. 4.7 Antivirus Updates - Desktop All Trust Desktop computers will have an appropriate antivirus application installed. This application will update the signature database on a daily basis, ensuring the most current protection is available. Updates will be collected from the antivirus management server. 4.8 Server Antivirus Each server will have an appropriate antivirus application installed during the build phase and will not be introduced into the live environment without this application being fully current in relation to known threats. Updates will be conducted on a daily basis and will be collected from the antivirus management server Server The servers have the same antivirus client installed, providing coverage of traffic, and updates on the same basis as all other servers. These servers will also further enhance the protection cover by blocking specific file extensions on attachments. See Appendix 2 for a full list of blocked file extensions Software Patch Management - Change Management Any change made to Trust Servers is conducted in accordance with the Trust Change Management Procedures Security Updates The Microsoft Windows Update web site is checked on a quarterly basis for new security updates and identified updates are scheduled for implementation. If a Computer Anti-Virus Policy Page 2
6 risk is identified as being of a sufficiently high risk prior to the normal quarterly check, system downtime is arranged in order to implement the fix at the earliest possible date Testing Prior to any change being released into the live environment, rigorous testing takes place to ensure that there will be no adverse impact upon services. This is achieved through the utilisation of a test machine several days prior to live implementation. During this period, the machine is used to establish if there is likely to be any adverse impact. It is accepted that although testing does occur, it cannot always guarantee that the update will not affect services. 5.0 Roles and Responsibilities 5.1 IT Department It is the responsibility of the Technical Services to ensure that the antivirus solution is maintained in order to ensure an appropriate level of protection is provided against malicious code. 5.2 Managers It is the responsibility of all Managers to ensure that staff within their departments have received appropriate training relating to Information Security and the use of IT Systems. 5.3 Staff It is the responsibility of all staff to ensure that malicious code is not introduced onto Trust systems through adherence to Trust IT related policies. 6.0 Associated Documents and References This policy has been developed in conjunction with the following documents and Trust policies: Data Protection Act 1998 Computer Misuse Act 1990 ISO27002 Code of Practice for Information Security Management Trust Information Assurance policy and Internet Access and Monitoring Policy Firewall Management/Network Security Policy 7.0 Training & Resources The implementation of policies in this area will be carried out across the Trust by all involved staff and will be led by the and Computer Anti-Virus Policy Page 3
7 associated teams (Information Quality, Data Protection, Information Security, Records Management, Freedom of Information etc). Information Governance elements will be included in standard Trust induction, core skills training programmes, specific data protection training packages and electronic learning packages. Managers will ensure that the relevant paragraphs are included in staff job descriptions. 8.0 Monitoring and Audit The Information Governance Group is a sub-group of the Trust Board with responsibility for the ratification of Information Governance policies and approval of work programmes. This group has senior level representation, chaired by the Caldicott guardian, and supported from all appropriate areas to ensure the Trust steers this agenda appropriately. It receives regular reports from the Information Assurance Manager and responsible staff dealing with all aspects of the agenda as outlined above, and approves central returns required by the Information Governance Toolkit to NHS Connecting for Health. The IGT will be used by the Trust to conduct baseline audit and construct action plans for future compliance with this agenda. The work programs in the individual areas will be created by adherence to the IGT standards and to the national standards appropriate to the individual field of activity. Minimum requirement to be monitored Process for monitoring, e.g audit Responsible individual / group/ committee Frequency of monitoring Responsible individual / group / committee for review of results Responsible individual / group/ committee for development of action plan Responsible individual / group / committee for monitoring of action plan and implementation Relevance of policy to Trust needs Audit / Review IGG Annually IGG IGG IGG 9.0 Equality and Diversity Trust is committed to an environment that promotes equality and embraces diversity in its performance as an employer and service provider. It will adhere to legal and performance requirements and will mainstream equality and diversity principles through its policies, procedures and processes. This policy should be implemented with due regard to this commitment. To ensure that the implementation of this policy does not have an adverse impact in response to the requirements of the Race Relations (Amendment Act) the Disability Discrimination Act 2005, and the Equality Act 2006 this policy has been screened for relevance during the policy development process and a full impact Computer Anti-Virus Policy Page 4
8 assessment conducted where necessary prior to consultation. The Trust will take remedial action when necessary to address any unexpected or unwarranted disparities and monitor practice to ensure that this policy is fairly implemented. This policy and procedure can be made available in alternative formats on request including large print, Braille, moon, audio, and different languages. To arrange this please refer to the Trust translation and interpretation policy in the first instance. The Trust will endeavour to make reasonable adjustments to accommodate any employee/patient with particular equality and diversity requirements in implementing this policy and procedure. This may include accessibility of meeting/appointment venues, providing translation, arranging an interpreter to attend appointments/meetings, extending policy timeframes to enable translation to be undertaken, or assistance with formulating any written statements. 9.1 Recording and Monitoring of Equality & Diversity The Trust understands the business case for equality and diversity and will make sure that this is translated into practice. Accordingly, all policies and procedures will be monitored to ensure their effectiveness. Monitoring information will be collated, analysed and published on an annual basis as part of our Single Equality and Human Rights scheme. The monitoring will cover all strands of equality legislation and will meet statutory employment duties under race, gender and disability. Where adverse impact is identified through the monitoring process the Trust will investigate and take corrective action to mitigate and prevent any negative impact. The information collected for monitoring and reporting purposes will be treated as confidential and it will not be used for any other purpose. Computer Anti-Virus Policy Page 5
9 Appendix 1 - Glossary of Terms Malware Malicious ware deals with all forms of viruses including Trojans and other software designed with malicious intent. Trojan A Trojan is a piece of software which disguises itself as a legitimate file wit the intention of attacking a target. Worm usually an algorithm which replicates itself over a computer network which is designed with malicious Computer Anti-Virus Policy Page 6
10 Appendix 2 Blocked File Extensions File extension.ade.adp.bas.bat.chm.cmd.com.cpl.crt.exe.hlp.hta.inf.ins.isp.js.jse.lnk.mda.mdb.mde.mdz.msc.msi File type Microsoft Access project extension Microsoft Access project Microsoft Visual Basic class module Batch file Compiled HTML Help file Microsoft Windows NT Command Script Microsoft MS-DOS program Control Panel extension Security certificate Program Help file HTML program Setup Information Internet Naming Service Internet Communication settings JScript file Jscript Encoded Script file Shortcut Microsoft Access add-in program Microsoft Access program Microsoft Access MDE database Microsoft Access wizard program Microsoft Common Console Document Microsoft Windows Installer package Computer Anti-Virus Policy Page 7
11 .msp.mst.pcd.pif.reg.scr.sct.shs.url.vb.vbe.vbs.wsc.wsf.wsh Windows Installer patch Visual Test source files Photo CD image or Microsoft Visual Test compiled script Shortcut to MS-DOS program Registration entries Screen saver Windows Script Component Shell Scrap Object Internet shortcut VBScript file VBScript Encoded Script file VBScript file Windows Script Component Windows Script file Windows Script Host Settings file Computer Anti-Virus Policy Page 8
12 Appendix 3 - Document History / Version control Version Date Comments Author Draft 12/12/2006 Draft version produced for N Morgan review 1 20/12/2006 Minor revisions made N Morgan /07/2007 Placed into Trust format A Penketh /05/2009 Policy Review no changes D Mort required /06/2010 Minor revisions made Information Assurance Manager /09/2010 Minor revisions Information Assurance Manager /07/2012 Minor Revisions Servers have the Technical Support Team Manager same AV Client, Security updates are checked on a quarterly basis. 23/07/2012 Minor revisions Information Assurance Manager 12/10/2012 Trust format changes Information Assurance Manager Review Process Prior to Ratification NAME OF GROUP/DEPARTMENT/SPECIALIST DATE COMMITTEE North Mersey HIS December 2006 Information Governance Group March 2007 Information Governance Group(virtual meeting) August 2010 Information Governance Group 23 rd July 2012 Computer Anti-Virus Policy Page 9
Trust Informatics Policy. Information Governance. Information Governance Policy
Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference
More informationTrust Operational Policy. Information Security Department. Firewall Management Policy
Trust Operational Policy Information Security Department Firewall Management Policy Policy Reference: 3545 Document Control Document Title Author/Contact Document Reference 3545 Firewall Management Policy
More informationThe Informatics Policy Information Governance Process
Informatics Policy Information Governance Policy Ref: 3593 Policy Title Author/Contact Document Reference 3593 Pauline Nordoff-Tate, Information Assurance Manager Document Impact Assessed Yes/No Date:
More informationInformatics Policy. Information Governance. Network Account and Password Management Policy
Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information
More informationTrust Operational Policy. Information Security Department. Network Services Management Security Policy
Trust Operational Policy Information Security Department Network Services Management Security Policy Policy Reference: TIP/ISD/NSMSP Document Control Document Title Author/Contact Document Path & Filename
More informationTrust Operational Policy. Information Security Department. Third Party Remote Access Policy
Trust Operational Policy Information Security Department Policy Reference: 3631 Document Control Document Title Author/Contact Document Reference 3631 Pauline Nordoff-Tate, Information Assurance Manager
More informationHow To Write A Code Of Conduct For A Trust
Healthcare Assistant, Clinical Support Worker and Assistant Practitioner Code of Conduct DOCUMENT CONTROL Policy Title Author/Contact Author has attended Equality and Diversity Impact Assessment Training
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationInformatics Policy. Information Governance. Email and Internet Use and Monitoring Policy
Informatics Policy Information Governance Document Control Document Title Author/Contact Document Reference 3539 Version 6 Pauline Nordoff-Tate, Information Assurance Manager Status Approved Publication
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationTrust Informatics Policy. Information Governance. Secure Transfer of Information Policy
Trust Informatics Policy Information Governance Policy Reference: 3628 Document Title Author/Contact Document Reference 3628 Document Control Pauline Nordoff-Tate, Information Assurance Manager Document
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationMOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY
MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationVersion: 2.0. Effective From: 28/11/2014
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
More informationImproving Virus Protection at Kent State University
Improving Virus Protection at Kent State University (Prepared by Joe Aulino. Distributed at UCT Oct. 31, 2003) For the purpose of this document, the term virus will be used generically to mean any piece
More informationANTI-VIRUS POLICY OCIO-6006-09 TABLE OF CONTENTS
OCIO-6006-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: Section I. Purpose II. Authority III. Scope IV. Definitions V. Policy VI. Roles and Responsibilities VII. Exceptions
More informationPATCH MANAGEMENT POLICY PATCH MANAGEMENT POLICY. Page 1 of 5
Page 1 of 5 TABLE OF CONTENTS 1. OVERVIEW... 3 2. DEFINITIONS... 3 3. PURPOSE... 3 4. SCOPE... 3 5. POLICY... 4 6. WORKSTATIONS... 4 7. SERVERS... 4 8. ROLES AND RESPONSIBILITIES... 4 9. MONITORING AND
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationPATCH MANAGEMENT POLICY IT-P-016
IT-P-016 Date: 28 th March, 2016 Stamford International University ( STIU ) Patch Management Policy Rationale Stamford International University ( STIU ) is responsible for ensuring the confidentiality,
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationInformation Governance Standards in Relation to Third Party Suppliers and Contractors
Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationMicrosoft Outlook 2003 Quick Reference
Microsoft Outlook 2003 Quick Reference Table of Contents Creating Messages 3 Using the Address book 3 Sending messages 3 Saving unfinished messages 4 Adding attachments 4 Using automatic signatures 5 Reading
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationAberdeen City Council IT Security (Network and perimeter)
Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationINFORMATION GOVERNANCE POLICY: NETWORK SECURITY
INFORMATION GOVERNANCE POLICY: NETWORK SECURITY Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 1.2 Approved by: Information Governance Group Approval Date:
More informationCONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationInformation Governance Policy
Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath
More informationPOLICY AND PROCEDURE FOR INFORMATION GOVERNANCE & INFORMATION RISK
1 TRUST-WIDE SERVICE BASED POLICY POLICY AND PROCEDURE FOR INFORMATION GOVERNANCE & INFORMATION RISK Policy Number: Scope of this Document: Recommending Committee: Approving Committee: IT12 All Staff Information
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationSecuring against Viruses, Malware and Email Hoaxes Good Practice Guideline
Programme NPfIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-IG-GPG-0005.01 Prog. Director Chris Wilber Status Approved Owner James Wood Version 2.0 Author Mark Penny
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationG/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy
For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationEmail Services Policy
Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages
More informationAnti-Virus Policy. Computing and Networking Services (CNS).
Anti-Virus Policy Reference: CNS-P-I-ANTIVIRUS Revision: A Supersedes: Purpose: Source: None CNS is to provide a computing network that is virus-free. The purpose of this policy is to provide instructions
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationInformation Governance Policy
BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY
More informationInformation Governance Toolkit Assessment 2009/10
Information Governance Toolkit Assessment 2009/10 Document Reference: Version: Ratified by: Date ratified: Name of originator/author: Name of responsible committee/individual: Document owner: Document
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationGloucestershire Hospitals
Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy
More informationSALISBURY NHS FOUNDATIONTRUST
SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure
More informationTrust Informatics Policy. Information Governance. Information Assurance Policy
Trust Informatics Policy Information Governance (Combined DP, DP Communication, Information Security & Clear Desk Policies) Document Control Document Title Author/Contact Pauline Nordoff-Tate Document
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationSecuring OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY Version No: 1 Issue Status: awaiting Trust Board approval Date of Ratification: 11th April 2012 Ratified by: Risk Management Committee Policy Author(s): Stuart Coalwood
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationSymantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it
Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationPolicy: D9 Data Quality Policy
Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationMicrosoft Outlook: Security Features. and Vulnerabilities
Microsoft Outlook: Security Features and Vulnerabilities ECE478 Report By: Mohammad Al-Fares Fares Al-Osaimi Abstract: Microsoft Outlook has been a favorite victim of virus makers for its relatively easy
More informationJOB DESCRIPTION. Information Governance Manager
JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure
More informationNHS Business Services Authority Information Governance Policy
NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info
More information2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report.
REPORT TO: SCRUTINY COMMITTEE 25 JUNE 2013 REPORT ON: REPORT BY: INTERNAL AUDIT REPORTS CHIEF INTERNAL AUDITOR REPORT NO: 280-2013 1.0 PURPOSE OF REPORT To submit to Members of the Scrutiny Committee a
More informationFirewalls and Software Updates
Firewalls and Software Updates License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents General
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document
ESET CYBER SECURITY PRO for Mac Quick Start Guide Click here to download the most recent version of this document ESET Cyber Security Pro provides state-of-the-art protection for your computer against
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationSouth West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy
South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationAppendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY
Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Steven Snaith, Risk
More informationPolicy: Remote Working and Mobile Devices Policy
Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationJOB DESCRIPTION. Corporate Governance Manager. 45 hours per week. Director of Compliance & Governance. London with national responsibilities
JOB DESCRIPTION POST: SALARY: HOURS: REPORTS TO: LOCATION: Corporate Governance Manager 40,000 per annum 45 hours per week Director of Compliance & Governance London with national responsibilities JOB
More informationCAPITAL INVESTMENT POLICY
CAPITAL INVESTMENT POLICY Document Profile Box Document Reference: Version: 0001 Ratified by: Trust Board Date ratified: March 2009 Name of originator/author: Duncan Sellers Name of responsible committee/individual:
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationIM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
More informationAudit and Risk Management Committee. IT Security Update
Audit and Risk Management Committee 26 th February 2015 IT Security Update Description of paper 1. The purpose of this paper is to update the Committee on current security issues and what steps are being
More informationICT OPERATING SYSTEM SECURITY CONTROLS POLICY
ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...
More informationHow To Manage Risk In Ancient Health Trust
SharePoint Location Non-clinical Policies and Guidelines SharePoint Index Directory 3.0 Corporate Sub Area 3.1 Risk and Health & Safety Documents Key words (for search purposes) Risk, Risk Management,
More information