Why do we need to protect our information? What happens if we don t?

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Why do we need to protect our information? What happens if we don t?"

Transcription

1 Warwickshire County Council Why do we need to protect our information? What happens if we don t? Who should read this? What does it cover? Linked articles All WCC employees especially mobile and home workers Uncovers myths about how information is held and transferred and provides practical advice and guidance to employees for protecting information. This document is based upon security best practice and will be stated in forthcoming Security Policies, which are currently in development. Employer and Employee Responsibilities Home > Advice and Guidance > HR > Conduct, Standards and Procedures Protective Marking, Handling and Disposal Policy Intranet : Home > Advice and Guidance > Information Management > Information Security Protecting WCC Information using WinZip Intranet: Home > Advice and Guidance > ICT > Information Security > How to use your new Encrypted USB Pen Drive Intranet: Home > Advice and Guidance > ICT > Information Security > Procedures Citrix Intranet: Home > Advice and Guidance > ICT > ICT Procurement > Modern and Flexible Working Solutions > Citrix Wireless at home Intranet: Home > Advice and Guidance > ICT > Information Security > Page 1 of 12

2 Why do we need to protect our information? The level of security should be appropriate for the nature of the information and the risk and impact that disclosure or loss could cause for one or more individuals, businesses, or WCC. For information we use on people, either citizen or staff, we are also governed by one of the 8 principles behind the Data Protection Act 1998 information held, should be stored securely. This means that only authorised personnel should have access to information. We should also be mindful about how computers are placed, so that information is not in public view and cannot be seen by passers by this is particularly important for mobile workers. Flexible working and mobile technology create additional hazards for protecting information as we work outside the traditional protected office boundary. What happens if we don t protect our information? You will have seen in the press the impact where information has not been protected and proposals will strengthen powers of inspection and fines. The risks to the council are damage to the council s reputation, financial impact, potential breach of the law and legal action. An individual could make a claim against us for substantial damage if personal information has not been appropriately handled. Page 2 of 12

3 What risks should I be aware of when handling information within the traditional office environment? Post We are all familiar with the postal system; the large majority of items are delivered correctly and unopened. However, every year many thousands of items are undelivered through accident, incompetence or even criminal activity. Specialist delivery services, such as those that require a signature on receipt, are more reliable but are also not immune to abuse or failure. Any information marked as Restricted, (and possibly some Protect or Sensitive information) must be sent recorded signed for or sent via a secure courier. The package MUST be able to be tracked from WCC to the destination, to assist in recovery in the event of the package going missing. If it is electronic information (computer files, etc) then it MUST be protected with encryption. For further clarification on the information classification and its handling, please consult the Protective Marking, Handling and Disposal Policy that will guide you through how to assess the risk and handling required. Intranet : Home > Advice and Guidance > Information Management > Information Security Fax Data sent by fax is secure during transmission the likelihood of it being intercepted and decoded over the normal telephone network is remote. Please note, though: the sender has no control over the location or ownership of the receiving fax machine, so please take that into account before deciding what data you are sending via fax. Page 3 of 12

4 Telephone conversation by landline Generally secure, although the speaker at either end could be overheard; be aware of who might be listening nearby. This has been documented as a good source of information for social engineers (people that pretend to be someone they re not in order to deceive you for their gain). Telephone conversation by mobile phone Exactly the same advice as the landline but more susceptible as you could be in any location when you take the call; anyone could be listening nearby! When using personal mobile phones the log of calls and number used are not usually protected. The use of WCC mobile phones ensure the information held in the phone is encrypted and protected. Crowded areas = more potential eavesdroppers! WCC staff use Lotus Notes to send messages (including attachments) to other Lotus Notes users within the County Council. This is known as an internal because the message is sent only to someone with a WCC account on the corporate network. It is secure within the corporate network and cannot be accessed by unauthorised people or organisations from outside the corporate network (for example, from the Internet). An internal can only be read by the addressee, or someone who has been granted access to the addressee s mail box. However, if a Lotus Notes is addressed to an external address, such as: Page 4 of 12

5 then a copy of that (and any attachments) is sent from the corporate network via the WCC s Internet Service Provider and out on to the Internet...and, at that point, you ve just lost all control over that .. This is because once the has left the corporate network it can not be considered to be secure because the County Council has no control over where that message is saved, who can read it, and where it may subsequently be sent. Note: it is important to understand that all external addresses, not just your home address, are included in this description. In general, Internet is a reliable and convenient way to communicate with people and organisations outside the county council, but please remember that is not secure and should not be used for where personal information may be at risk.should you need to send an or one with an attachment to an external address, that contains Protect or Restricted or personal information, then you must use encryption or the Government Secure Intranet (GCSx ) for public sector partners to protect the and attachment. For encryption please refer to the Protecting WCC Information using WinZip guide, available from the ICT Service Desk or Intranet. Intranet: Home > Advice and Guidance > ICT > Information Security > For more details about use of the Government Secure Intranet (GCSx), please contact the ICT Service Desk. Storing Your Data Whenever you store any data you work with at WCC, it should always be stored on the network, unless, of course, you cannot access the network, for whatever reason. This is because any data stored within the corporate network or any computer/server that forms part of the corporate infrastructure is secure from the outside world in that it cannot be accessed by unauthorised people or organisations from outside the corporate network The easiest way to think about it is this: data within the corporate network can only be accessed by someone with physical access to the device (e.g. actually sitting at a PC) with Page 5 of 12

6 some combination of User IDs and passwords. So as long as it is kept inside the network, it is safe. So it s down to you to make sure that happens A user that is logged on to the corporate network has access to one or more network directories. A network directory (such as the H:drive or Bu on.. ) that you can see in Windows Explorer) is a file storage area on a network server. It will usually have a name such as ICT Security or Programmes where individual teams can keep their data and share it amongst themselves. It can be accessed by any member of staff that has been granted the appropriate rights (typically members of the same team). It s extremely useful for storing shared documents and files and provides the correct level of security needed as only that team can see it and only when they re connected to the WCC network. It can be accessed by the user from any location, not solely the desk or computer that a person normally uses. It can also be accessed remotely, over Citrix. It is also worth noting that it cannot be accessed by unauthorised people or organisations from outside the corporate network (i.e. from the Internet), so provides the highest level of security from external threats. Please do not store information that is classified as Protect, Restricted or personal information on your own PC or any other device at home. Network home directory A user that is logged on to the corporate network has access to their network home directory. A home directory (visible in Windows Explorer, typically, as the G: drive) is a file storage area on the network. It can be accessed only by the user unless special arrangements have been made to grant access rights to someone else. It s useful for storing documents and files you may be working on as well as data that is not required to be shared with your colleagues. Page 6 of 12

7 It can be accessed by the user from any location, not solely the desk or computer that a person normally uses. It can also be accessed from the user s remote access solution. Like the network drive, it cannot be accessed by unauthorised people or organisations from outside the corporate network (i.e. from the Internet), so provides the highest level of security from external threats. The Mobile Worker Any data held on equipment that is taken off site is effectively exposed to the outside world and all the threats that this environment can bring. This brings new ways of thinking about where this information can be stored. It could be a PC Hard Drive, a USB Pen or even a mobile phone. It also includes Tablet PC, floppy disk, CD ROM, and DVDs, and many other examples. Even a digital camera can hold data, if you use it in such a manner! With the increasing need to have access to data at any time it has never been more important to secure that data on mobile devices. Information Security have conducted extensive research into this issue and have come up with the solution in the form of a USB Pen Drive with high level encryption built in. Any information classified as personal, sensitive or restricted needs to be protected while off site and must be stored on the encrypted USB Pen Drive. These are available to order through the ICT Service Desk. For more information, please refer to the article How to use your new Encrypted USB Pen Drive which can be found on the Intranet. Intranet: Home > Advice and Guidance > ICT > Information Security > Procedures ICT Services are working on encryption for mobile devices. Until this feature is ready, the USB Pen Drive remains the most secure solution. Page 7 of 12

8 Getting connected from home or outside of WCC This is a technology that enables a computer user from outside the corporate network to be legitimately and securely connected to the corporate network, via the internet. The technology uses a combination of special software, passwords, and a key fob number generator, to enable the user to connect to (and authenticate to) the corporate network. The system uses two factor authentication. This combines something you know (your password) and something you have (your key fob) to authenticate to the corporate network and to prove that you are who you claim to be. The password or key fob alone is insufficient, and neither are they transferable so, John s password will not work with Jane s key fob. Whilst connected using Citrix all data transmitted between the user s computer and the corporate network travels via the internet and is therefore exposed to the outside world. However, that data link is encrypted using a technology known as a VPN (Virtual Private Network) and is therefore secure should it be intercepted en route. It is important to remember that you should not store WCC documents on your Home PC and avoid storing files locally on your laptop. The preferred method is to access the files remotely through Citrix and then save them back to your Home Network Directory; it s safer, promotes security best practice and protects you from any inadvertent data loss. Intranet: Home > Advice and Guidance > ICT > ICT Procurement > Modern and Flexible Working Solutions > Citrix Page 8 of 12

9 What s the difference between the Internet and Intranet? Intranet The Intranet is a useful tool that is internal to the corporate network and cannot be accessed by unauthorised people or organisations from outside the corporate network (for example, from the Internet). To access this from home, you must use a remote access solution. When you open it you will find it looks like a web page you might visit on the Internet but all the content is internally developed. Internet The one thing to remember is this: except where specialist encryption technology (where data is scrambled so as to appear unreadable) is used, all data transmitted over the internet is insecure. It makes no difference how the user connects to the internet (3G card, home broadband, modem dial up, internet café, library public access etc.) but there are security concerns with each of these solutions so please make sure that you educate yourself about them before you connect. For further advice, please call the ICT Service Desk on (41)4141. It is your responsibility to secure your own Internet connection (home broadband) as any activity on that line will be traced back to YOU. Is your Wi fi connection at home protected and secure? Make sure you understand what is involved read the manual or seek professional advice. Intranet: Home > Advice and Guidance > ICT > Information Security > Page 9 of 12

10 If you re in an Internet Café, then be aware that many people use the same computer so check out the security with the provider before you think about what you need to do. As a good rule do not access important and sensitive sites on a public computer (banking, e commerce, EBay, etc) as you have NO control over what is stored on that PC and any number of nasties could be lurking within. 3G Cards are generally secure as you physically control the device that it s using to make the connection. However, it needs the same controls applied as if it was your home broadband connection. But it s important to realise that the threats from the Internet (viruses, Trojans, malware, etc) will always continue to be a threat. All you can do to minimise the threat is to take steps to make sure you are as secure as you possibly could be. BlackBerry data transmitted to and from a BlackBerry is encrypted. If a Blackberry is lost or stolen, then we have the technology in place to wipe all data remotely by sending a signal to the device. Security of specific applications Applications such as CareFirst, Lotus Notes and Corporate Financial Systems are accessed via a User ID and password. You have to be connected to the corporate network to access these applications. Page 10 of 12

11 Network Administrators and Support Staff There are a number of staff, predominantly (but not exclusively) within ICT Services, that have responsibility to support and maintain the county council s ICT infrastructure. In order to do this these staff may need access rights to all parts of the corporate network and therefore potentially may have access rights to any data. However, this does not mean that any member of staff would use or abuse those access rights and all staff are bound by their conditions of employment which, for staff in ICT Services, includes signing a code of conduct and confidentiality. Physical Security Equipment left in unattended motor vehicles is not covered by WCC s insurance at all. Equipment should never be left unattended in a car where it is visible, and it should never be left in a car overnight. It is best practice not to leave your laptop or other kit unattended in your car at all, even out of sight in the boot. However this may be unavoidable and it is important not to put yourself at risk by carrying around equipment which could make you a target. In this case you should ensure that the equipment is locked in the boot before making the journey rather than after parking. (There have been instances of thieves watching car parks for laptops / valuables being placed in the boot of a car and then targeting an identified vehicle when the owner has left the car park). When taking paper documents or files away from the office, make sure they are locked away and not left unattended. Remove from a car overnight and make secure at home. If you have to take information that is classified as Restricted out of the office, for example a number of case files or lists containing personal information, you must obtain permission from your manager. Treat as you would do in the office and make sure they are locked away. Page 11 of 12

12 Good Practice checklist for using your WCC equipment Do make sure equipment is used and stored out of sight of passers by wherever possible Do exercise the same precautions with passwords as you would in the office don t write them on a post it and stick it on the computer! Do keep key fobs securely out of sight and do not store with password information Do keep equipment safe from damage by pets or small children Don t leave equipment unattended by open windows and patio doors in summer Don t expose equipment to obvious hazards such as spillage from drinks and food (for example if working on the kitchen table) Don t allow friends or family to use WCC equipment Don t use WCC equipment for non work purposes at home Don t store personal or confidential data on the hard disk of your laptop; access data via Citrix. If you have to ensure it is transferred back to the network as soon as possible and deleted from the hard disk of the laptop. Use a USB secure memory stick for transferring data. Don t keep work related personal, restricted, protected or sensitive information on the hard disk of your own personal computer at home Page 12 of 12

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6

More information

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

More information

Mobility and Young London Annex 4: Sharing Information Securely

Mobility and Young London Annex 4: Sharing Information Securely Young London Matters April 2009 Government Office For London Riverwalk House 157-161 Millbank London SW1P 4RR For further information about Young London Matters contact: younglondonmatters@gol.gsi.gov.uk

More information

SECURITY POLICY REMOTE WORKING

SECURITY POLICY REMOTE WORKING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices

More information

ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING

ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING Introduction and Policy Aim The Royal Borough of Windsor and Maidenhead (the Council) recognises the need to protect Council

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Data Handling in University Information Classification and Handling Agenda Background People-Process-Technology

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Remote Access and Home Working Policy London Borough of Barnet

Remote Access and Home Working Policy London Borough of Barnet Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and

More information

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0 SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

This policy outlines different requirements for the use of PSDs based on the classification of information.

This policy outlines different requirements for the use of PSDs based on the classification of information. POLICY OFFICE OF THE INFORMATION COMMISSIONER Use of portable storage devices 1. Purpose A Portable Storage Device (PSD) is a mobile device capable of storing and transferring digital information. Examples

More information

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Portable Devices and Removable Media Acceptable Use Policy v1.0

Portable Devices and Removable Media Acceptable Use Policy v1.0 Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working

More information

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011) Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How

More information

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March

More information

Data Transfer Policy. Data Transfer Policy London Borough of Barnet

Data Transfer Policy. Data Transfer Policy London Borough of Barnet Data Transfer Policy Data Transfer Policy London Borough of Barnet Document Control POLICY NAME Data Transfer Policy Document Description Policy surrounding data transfers (electronic and paper based).

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

LSE PCI-DSS Cardholder Data Environments Information Security Policy

LSE PCI-DSS Cardholder Data Environments Information Security Policy LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

Data Transfer Policy London Borough of Barnet

Data Transfer Policy London Borough of Barnet London Borough of Barnet DATA PROTECTION 11 Document Control Document Description Data Transfer Policy Version v.2 Date Created December 2010 Status Authorisation Name Signature Date Prepared By: IS Checked

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

PS177 Remote Working Policy

PS177 Remote Working Policy PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

Corporate Affairs Overview and Scrutiny Committee

Corporate Affairs Overview and Scrutiny Committee Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated

More information

Legal and statutory obligations, in particular under the Data Protection Act, will be followed, whatever the protective marking used.

Legal and statutory obligations, in particular under the Data Protection Act, will be followed, whatever the protective marking used. Handling information based on the protective marking OFFICIAL INFORMATION MARKING Legal and statutory obligations, in particular under the Data Protection Act, will be followed, whatever the protective

More information

Merthyr Tydfil County Borough Council. Information Security Policy

Merthyr Tydfil County Borough Council. Information Security Policy Merthyr Tydfil County Borough Council Information Security Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of

More information

Information Protective Marking and Handling Policy

Information Protective Marking and Handling Policy Information Protective Marking and Handling Policy Change History Version Date Description Author 0.1 11/01/2013 First Draft Anna Moore 0.2 28/02/2013 Amended taking into account SSTP protective marking

More information

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy )

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy ) ITU-10002 Computer Network, Internet Access & Email policy South Norfolk Council IT Unit Documentation www.south-norfolk.gov.uk Page : 2 of 8 Summary This policy informs all users about acceptable use

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Angard Acceptable Use Policy

Angard Acceptable Use Policy Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants

More information

This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business.

This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business. FSA factsheet for All firms This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business. It explains: What you should

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access

More information

PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY

PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY CORPORATE POLICY Document Control Title Paper Records Secure Handling and Transit Policy Author Information Governance Manager ** Owner SIRO/CIARG Subject

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

Data Protection Division Guidance Note Number 10/08

Data Protection Division Guidance Note Number 10/08 Gibraltar Regulatory Authority Data Protection Division Data Protection Division Data Protection Division Guidance Note Number 10/08 Monitoring of Staff Guidance Note Number 10/08 Issue Date: 06/11/2008

More information

Enterprise Information Security Procedures

Enterprise Information Security Procedures GHL Network Services Ltd Enterprise Information Security Procedures Prepared By Nigel Gardner Date 16/11/09 1 Contents 1. Openwork s Information Security Policy...3 2. Enterprise Information Security Procedures...3

More information

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information

More information

Standard Operating Procedure. Secure Use of Memory Sticks

Standard Operating Procedure. Secure Use of Memory Sticks Standard Operating Procedure Secure Use of Memory Sticks DOCUMENT CONTROL: Version: 2.1 (Amendment) Ratified by: Finance, Infrastructure and Business Development Date ratified: 20 February 2014 Name of

More information

NHS Fife. Your Business @ Risk - Information Governance and Security Survey

NHS Fife. Your Business @ Risk - Information Governance and Security Survey NHS Fife Your Business @ Risk - Information Governance and Security Survey Prepared for NHS Fife September 2014 Audit Scotland is a statutory body set up in April 2000 under the Public Finance and Accountability

More information

Information Security Code of Conduct

Information Security Code of Conduct Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks >Email & Internet >Software >Aon Information >Data Protection >ID Badges > Contents Aon Information Security

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Grasmere Primary School Asset Management Policy

Grasmere Primary School Asset Management Policy Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the

More information

Ixion Group Policy & Procedure. Remote Working

Ixion Group Policy & Procedure. Remote Working Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

BERKELEY COLLEGE DATA SECURITY POLICY

BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data

More information

HR Guide: Agile Working Version: 1.0

HR Guide: Agile Working Version: 1.0 HR Guide: Agile Working Version: 1.0 Contents Section 1 Introduction to Agile Working Section 2 What are the Aims of Agile Working Section 3 Can all employees undertake Agile Working? Section 4 How do

More information

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA

ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA PURPOSE PURPOSE This document provides guidance to offices about protecting sensitive customer and company information. The protection of Non-public Personal

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS

GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS Your Login ID: GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS CONTENTS 1.0 Introduction... 3 1.1 Welcome to Edinburgh Napier University from Information Services!... 3 1.2 About Information

More information

Acceptable Use of ICT Policy For Staff

Acceptable Use of ICT Policy For Staff Policy Document Acceptable Use of ICT Policy For Staff Acceptable Use of ICT Policy For Staff Policy Implementation Date Review Date and Frequency January 2012 Every two Years Rev 1: 26 January 2014 Policy

More information

IT Infrastructure Security Policy. Policy and Guidance

IT Infrastructure Security Policy. Policy and Guidance IT Infrastructure Security Policy Policy and Guidance June 2013 Project Name Product Title IT Infrastructure Security Policy Policy and Guidance Version Number 1.2 Final Document Control Organisation Mendip

More information

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer:

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer: Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Cellular/Smart Phone Use Procedure

Cellular/Smart Phone Use Procedure Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This

More information

IT Data Security Policy

IT Data Security Policy IT Data Security Policy Contents 1. Purpose...2 2. Scope...2 3. Policy...2 Access to the University computer network... 3 Security of computer network... 3 Data backup... 3 Secure destruction of data...

More information

Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy. Computer Security Policy

Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy. Computer Security Policy Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy Computer Security Policy Contents 1 Scope... 3 2 Governance... 3 3 Physical Security... 3 3.1 Servers... 3 3.2

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy

School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy Page 1 of 10 Contents 1 Preamble...3 2 Purpose...3 3 Scope...3 4 Roles and responsibilities...3

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection Outline How do you protect your critical confidential data?

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

-------------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------------------- Fast Facts: On average, around one-third of employees travel regularly for work Just one in three companies, however, prepares for these trips by implementing security guidelines and other measures. This

More information

University for the Creative Arts. Mobile Working and Remote Access Policy

University for the Creative Arts. Mobile Working and Remote Access Policy Mobile Working and Remote Access Policy Version 1.0 Date: 20 July 2009 Document History Version History 1.0 20 July 2009 Approved for publication by the IS Board after E&FC approval in June 2009 Title:

More information

2014 Core Training 1

2014 Core Training 1 2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

This guide will go through the common ways that a user can make their computer more secure.

This guide will go through the common ways that a user can make their computer more secure. A beginners guide in how to make a Laptop/PC more secure. This guide will go through the common ways that a user can make their computer more secure. Here are the key points covered: 1) Device Password

More information

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection Data

User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection Data User Authentication Job Tracking Fax Transmission via RightFax Server Secure Printing Functions HDD/Memory Security Fax to Ethernet Connection Data Security Kit Outline How do you protect your critical

More information

Remote Working and Portable Devices Policy

Remote Working and Portable Devices Policy Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review

More information

ENISA s ten security awareness good practices July 09

ENISA s ten security awareness good practices July 09 July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European

More information

UCLH VPN User Guide. January 2009. VPN User Guide v1.3 20090106

UCLH VPN User Guide. January 2009. VPN User Guide v1.3 20090106 UCLH VPN User Guide January 2009 VPN User Guide v1.3 20090106 1. What is the VPN? The VPN (Virtual Private Network) provides users with secure access, using a web browser, to a standard terminal screen

More information

Safe Haven Procedure for the Secure Transmission of Personally Identifiable Information

Safe Haven Procedure for the Secure Transmission of Personally Identifiable Information Safe Haven Procedure for the Secure Transmission of Personally Identifiable Information Im&t directorate\policies\approved ig policiesprocedures.1 Index 1. Purpose... 3 2. Introduction... 3 3. Scope...

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Guidelines for smart phones, tablets and other mobile devices

Guidelines for smart phones, tablets and other mobile devices Guidelines for smart phones, tablets and other mobile devices Summary Smart phones, tablets and other similar mobile devices are being used increasingly both privately and in organisations. Another emerging

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

Information Security Policy. Appendix B. Secure Transfer of Information

Information Security Policy. Appendix B. Secure Transfer of Information Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document

More information

Somerset County Council - Data Protection Policy - Final

Somerset County Council - Data Protection Policy - Final Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council

More information

Guide to credit card security

Guide to credit card security Contents Click on a title below to jump straight to that section. What is credit card fraud? Types of credit card fraud Current scams Keeping your card and card details safe Banking and shopping securely

More information

HAZELDENE LOWER SCHOOL

HAZELDENE LOWER SCHOOL HAZELDENE LOWER SCHOOL POLICY AND PROCEDURES FOR MONITORING EQUIPMENT AND APPROPRIATE ICT USE WRITTEN MARCH 2015 SIGNED HEADTEACHER SIGNED CHAIR OF GOVERNORS DATE.. DATE. TO BE REVIEWED SEPTEMBER 2016

More information

Dene Community School of Technology Staff Acceptable Use Policy

Dene Community School of Technology Staff Acceptable Use Policy Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because

More information

Encryption Policy Version 3.0

Encryption Policy Version 3.0 Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Information Security Adults Services. Practice guidance. Revised Version: 1.2 Effective from: August 2014 Next review date: August 2015

Information Security Adults Services. Practice guidance. Revised Version: 1.2 Effective from: August 2014 Next review date: August 2015 Information Security Adults Services Practice guidance Revised Version: 1.2 Effective from: August 2014 Next review date: August 2015 Sign off: Jenny Daniels Title: Head of Health and Social Care Practice

More information

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

The Bishop s Stortford High School Internet Use and Data Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable

More information

Information Security Guide for Students

Information Security Guide for Students Information Security Guide for Students August 2009 Contents The purpose of information security and data protection...1 Access rights and passwords...2 Internet and e-mail...3 Privacy protection...5 University

More information

COMMERCIALISM INTEGRITY STEWARDSHIP. Remote Access and Mobile Working Policy & Guidance

COMMERCIALISM INTEGRITY STEWARDSHIP. Remote Access and Mobile Working Policy & Guidance Remote Access and Mobile Working Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Remote Access and

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Data Encryption Policy

Data Encryption Policy Data Encryption Policy Number: THCCGCG36 Version: 01 Executive Summary This Policy defines the Security requirements for data encryption upon laptops, physical media and Secure File Transfer within the

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Policy: Remote Working and Mobile Devices Policy

Policy: Remote Working and Mobile Devices Policy Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014

More information