IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction Policy Statement Purpose...

Size: px
Start display at page:

Download "IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose..."

Transcription

1 IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This document is version controlled. The master copy is on Ourspace. Once printed, this document could become out of date. Check Ourspace for the latest version. Contents 1. Introduction Policy Statement Purpose Scope Content Risk Assessment Physical & Environmental Security Access Control to Secure IM&T Infrastructure Areas Access Control to the Network Third Party Access Control to the IM&T Infrastructure External Network Connections Maintenance Contracts Data and Software Exchange Fault Logging Data Backup and Restoration All backup systems will be stored securely off-site User Responsibilities, Awareness & Training Accreditation of IM&T infrastructure Systems Technical Security Measures... 7 IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 1 of 11

2 5.15 Secure Disposal or Re-use of Equipment System Change Control Reporting IM&T Security Incidents & Weaknesses System Configuration Management Business Continuity & Disaster Recovery Plans Roles and Responsibilities The Chief Executive The Senior Information Risk Owner (SIRO) Executive Directors and Strategic Business Unit Directors Information Governance Group Head of IM&T (HoIM&T) Information Security and Technical Assurance Manager (ISTAM) All Users of AWP IM&T Systems Line Manager's Responsibilities Standards Training Monitoring or Audit Associated and Related Procedural Documents References IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 2 of 11

3 1. Introduction Avon and Wiltshire Mental Health Partnership NHS Trust (AWP) is bound by the provisions of a considerable number of items of legislation and regulation affecting the stewardship of data and information. Information Governance (IG) ensures the Trust s compliance with applicable legislation, the regulatory framework, Common Law, and mandated Best Practice. In short, IG exists to ensure the Integrity, Availability, Confidentiality and Accountability of the Trust s operational, patient, staff and management information. The AWP Overarching Information Governance Policy defines the Trust s mandated base-line strategy for compliance and effective management in each of the following six areas of Information Governance. Information Governance Management Confidentiality & Data Protection Assurance Clinical Information Assurance Information Security Assurance Secondary Use Assurance Corporate Information Assurance Collectively the information governance policies constitute the top level documentation of the Trust s Information Governance Management System (IGMS). Compliance with all Policies, Procedures and Guidelines contained in the IGMS is mandatory for all persons and organisations operating under the auspices of, or delivering a service to the Trust, whether they are staff, students, volunteers, contractors or partner organisations. Staff should be aware that IGMS Policies are intended to protect the Trust and staff from adverse outcomes in terms of compliance with the law. Where IGMS policies are breached by staff it may be necessary for managers to consider retraining staff, or following the Trust s Disciplinary Procedures. Staff should also note that legal penalties could also be imposed upon the Trust or its employees for non-compliance with relevant legislation and NHS guidance, and in serious cases individuals may not be immune from prosecution or civil legal action by virtue of their employment within the Trust. 2. Policy Statement The AWP information IM&T infrastructure will be available when needed, can be accessed only by legitimate users and will contain complete and accurate information. The IM&T infrastructure must also be able to withstand or recover from threats to its availability, integrity and confidentiality. To satisfy this, AWP will undertake the following: Protect all hardware, software and information assets under its control. This will be achieved by implementing technical and non-technical measures; Provide both effective and cost-effective protection that is commensurate with the risks to its IM&T infrastructure information assets; Implement the IM&T Infrastructure Security Policy in a consistent, timely and cost effective manner; IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 3 of 11

4 Comply with other laws and legislation as appropriate. 3. Purpose The Information Management & Technology (IM&T) infrastructure is a collection of information Technology equipment, and it related software, such as servers, computers, printers, and routers and switches, which are inter-connected. This policy applies to all networks within AWP used for: The storage, sharing and transmission of clinical data and images; The storage, sharing and transmission of non-clinical data and images; Printing or scanning non-clinical or clinical data; The provision of Internet systems for receiving, sending and storing non-clinical or clinical data; To set out the Trust s policy on security of its IM&T infrastructure. This Infrastructure Security Policy applies to all business functions and information contained on the network, the physical environment and relevant people who support the network. It sets out the organisation s policy for the protection of the confidentiality, integrity and availability of the network; establishes the security responsibilities for IM&T infrastructure security and provides reference to documentation relevant to this policy. The aim of this policy is to ensure the security of AWP's network. To do this the Trust will: Ensure availability of the IM&T infrastructure for authorised users and protect it from unauthorised access. Preserve Integrity by protecting the IM&T infrastructure from unauthorised or accidental modification ensuring the accuracy and completeness of the organisation's information assets. Preserve Confidentiality by protecting information assets against unauthorised disclosures and ensuring it is capable of being audited and monitored for compliance and regulatory purposes 4. Scope This is a Trust-wide Policy and applies to IM&T systems and the data held, processed or transmitted by them, including staff, service user, management, audit and all other types of information used by the Trust. This Policy shall apply to all staff and personnel operating under the auspices of the Trust, including locums, contractors, temporary, students, service user representatives, volunteers and partner agency staff. Where a third party has an organisational policy that differs from this policy, a formal agreement as to which policy statement applies shall be outlined and agreed in an appropriate protocol if necessary. In the absence of such an agreement, this Policy shall be deemed to have precedence. IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 4 of 11

5 5. Content 5.1 Risk Assessment AWP will carry out security risk assessment(s) in relation to all the elements of its IM&T infrastructure. The risk assessments will identify the appropriate security countermeasures necessary to protect against possible breaches in confidentiality, integrity and availability. 5.2 Physical & Environmental Security All IM&T infrastructure equipment will be housed in a controlled and secure environment. Critical or sensitive IM&T infrastructure equipment will be housed in secure areas, protected by a secure perimeter, with appropriate security barriers and entry controls. Critical or sensitive IM&T infrastructure equipment will be housed in an environment that is monitored for temperature, humidity and power supply. The Head of IM&T (HoIM&T) is responsible for ensuring that door lock codes are changed periodically, and following a compromise of the code, or if they suspect the code has been compromised, or when required to do so by the Information Security and Technical Assurance Manager (ISTAM). Critical or sensitive IM&T infrastructure equipment will have precautions in place to protect from power supply failures. Critical or sensitive IM&T infrastructure equipment will be protected by intruder alarms and fire detection/suppression systems. Eating and drinking is forbidden in areas housing critical or sensitive IM&T infrastructure equipment. All visitors to secure IM&T infrastructure areas must be authorised by the HOIM&T or their delegates. All visitors to secure IM&T infrastructure areas must be logged in and out. The log will contain name, organisation, purpose of visit, date, and time in and out. The HOIM&T will ensure that all relevant staff are made aware of procedures for visitors and that visitors are monitored, when necessary. 5.3 Access Control to Secure IM&T Infrastructure Areas Entry to secure areas housing critical or sensitive IM&T infrastructure equipment will be restricted to those whose job requires it. The HOIM&T will maintain and periodically review a list of those with unsupervised access. 5.4 Access Control to the Network Access to the IM&T infrastructure will be via a secure log-on procedure, designed to minimise the opportunity for unauthorised access. Remote access to the IM&T infrastructure will conform to the Trust's Remote Access Standards. IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 5 of 11

6 There must be a formal, documented user registration and de-registration procedure for access to the network. Security privileges to the IM&T infrastructure will be allocated on the requirements of the user's job, rather than on a status basis. All users to the IM&T infrastructure will have their own individual user identification and password. Users are responsible for ensuring their password is kept secret and accounts are not shared. User access rights will be immediately removed or reviewed for those users who have left the Trust or changed jobs. 5.5 Third Party Access Control to the IM&T Infrastructure Third party access to the IM&T infrastructure will be based on a formal contract that satisfies all necessary NHS security conditions. All third party access to the IM&T infrastructure must be logged by the appropriate IAO/IAA. 5.6 External Network Connections The HoIM&T shall ensure that all connections to external networks and systems have been documented by the IAA and approved by the ISTAM. Ensure that all connections to external networks and systems conform to the NHS-wide Network Security Policy, Code of Connection and supporting guidance. The ITSS must approve all connections to external networks and systems before they commence operation. 5.7 Maintenance Contracts The Information Asset Owner (IAO) will ensure that appropriate maintenance contracts are maintained and periodically reviewed for all IM&T infrastructure. All contract details will be included within the system documentation retained by the IAO/ISTAM. 5.8 Data and Software Exchange Formal agreements for the exchange of data between organisations must be established and approved by the Trusts Head of Compliance or ISTAM. 5.9 Fault Logging The IAO/Information Asset Administrator (IAA) is responsible for ensuring that a log of all faults on the IM&T infrastructure is maintained and reviewed. IM&T infrastructure Operating Procedures The IAO/IAA will produce Standard Operating Procedures and security contingency plans that reflect this policy Data Backup and Restoration The HoIM&T is responsible for ensuring that appropriate configuration information is recorded to allow the restoration of core systems. IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 6 of 11

7 The HoIM&T will produce an overarching back up strategy and supporting procedures for the backing up of all data. The IAOs are responsible for ensuring that the backup regime for their information assets meet their requirements for business continuity and is included in the back up strategy All backup systems will be stored securely off-site. The HoIM&T will be responsible for the physical integrity of the back-up. The IAO/IAAs are responsible for ensuring that their data is fit for purpose by implementing a suitable testing program User Responsibilities, Awareness & Training The Trust will ensure that all users of the IM&T infrastructure are provided with the necessary security guidance, awareness and where appropriate training, to discharge their security responsibilities. All users of the IM&T infrastructure must be made aware of the contents and implications of the Acceptable Use Policy and associated procedures. All IAO/IAAs must be aware of the contents and implications of this IM&T infrastructure policy Accreditation of IM&T infrastructure Systems All IM&T infrastructure systems within the Trust must be accredited in line with the Trusts Information Asset release procedure and must be approved by the ISTAM and HoIM&T Technical Security Measures Malicious Software: the HoIM&T will ensure that sufficient technical measures are in place to minimise the risk of intrusion from malicious software. All users will be trained and alerted to their responsibility not to take any actions which may result in malicious software entering the system. Data Loss: the HoIM&T will ensure that sufficient technical measures are in place to minimise the risks of data loss. All users will be trained and alerted to their responsibility with regard to data loss. Zero day vulnerabilities: the HoIM&T will ensure that sufficient technical measures are in place to minimise the risks of zero day vulnerabilities. Unauthorised software: the HoIM&T will ensure that sufficient technical measures are in place to minimise the risks of unauthorised software. All users will be trained and alerted to their responsibility with regard to unauthorised software. System misconfiguration: the HoIM&T will ensure that sufficient technical and operational measures are in place to minimise the risks due to misconfiguration of systems. Unauthorised access to Trust systems: the HoIM&T will ensure that sufficient technical measures are in place to minimise the risks of data loss. All users will be trained and alerted to their responsibility with regard to unauthorised access. Access to inappropriate or dangerous web content: the HoIM&T will ensure that sufficient technical measures are in place to allow the Trust to effectively manage and monitor internet usage. Any other identified risk: the HoIM&T will ensure that, where warranted, technical measures will be implemented to detect and protect the IM&T infrastructure systems as they are identified. IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 7 of 11

8 5.15 Secure Disposal or Re-use of Equipment All IM&T equipment must be disposed of by the IM&T department adhering to the Trust procedures and legal compliance requirements as referred to in the Confidential Disposal of Media Waste procedure System Change Control The relevant IAO will approve the relevant change control procedure; the IAA will be responsible for operating the change control procedure Reporting IM&T Security Incidents & Weaknesses IM&T Security incidents will be reported through the adverse incident reporting procedure Any identified weaknesses will be reported on the IAOs own departmental risk register System Configuration Management There should be effective configuration management system for all elements of the IM&T infrastructure Business Continuity & Disaster Recovery Plans The HoIM&T is responsible for maintaining the Trusts IT Disaster Recovery Plan The IAOs/IAAs are responsible for the Business Continuity plans for their identified information assets. 6. Roles and Responsibilities 6.1 The Chief Executive The Chief Executive is responsible for ensuring the Trust s compliance with applicable legislation and regulation. The Chief Executive has delegated the overall IT security responsibility for policy and implementation to the Head of Information Systems and Technology. Responsibility for implementing this policy within the context of IT systems development and use in the organisation is delegated further to the IT Security Specialist. 6.2 The Senior Information Risk Owner (SIRO) The Executive Director of Finance and Commerce and Deputy Chief Executive shall be the Trust Senior Information Risk Owner (SIRO) and shall represent any relevant information risk to the Board of Directors. The SIRO shall receive specialist advice from the IT Security Specialist. 6.3 Executive Directors and Strategic Business Unit Directors IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 8 of 11

9 Executive Directors and Strategic Business Unit Directors are responsible for the implementation of the standards of compliance specified in this policy within their areas of responsibility. 6.4 Information Governance Group The Information Governance Group shall monitor and report on the implementation of the Trust s Information Governance Management System (IGMS). 6.5 Head of IM&T (HoIM&T) The Head of IM&T (HoIM&T) will define and implement effective security countermeasures. Produce all relevant security documentation, security operating procedures and contingency plans reflecting the requirements of the IM&T infrastructure Security Policy. All such documentation will be included in the IT Department's Asset register. 6.6 Information Security and Technical Assurance Manager (ISTAM) The ISTAM shall monitor system and user activity for compliance with this policy. Investigate reported Incidents or alerts have that may affect the organisation's systems, applications or networks and liaise with HR, IG and Security Management as appropriate Review and approve proposals for connecting the Trust s systems, applications or networks to third party systems, applications or networks. Produce organisational standards, procedures and guidance on Information Security matters for approval by the IGMG Working with the HOIM&T, IOAs and SIRO to ensure that risks to IT systems are reduced to an acceptable level by applying security countermeasures identified following an assessment of the risk. Approving system security measures for the infrastructure, systems and common services. 6.7 All Users of AWP IM&T Systems All users of AWP IM&T systems are responsible for ensuring that their use of Trust systems is conducted in compliance with this policy and have a duty to report any instances of noncompliance they witness to their managers. Prevent the introduction of malicious software on the organisation's IT systems. Report any suspected or actual breaches in information security 6.8 Line Manager's Responsibilities Line Managers are responsible for ensuring compliance with this policy through appropriate managerial arrangements including supervision, training, performance management and the use of disciplinary procedures where necessary. It is the responsibility of Line Managers to enable their staff to attend suitable information governance training. IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 9 of 11

10 7. Standards This policy shall be assessed against the Information Governance Toolkit standards. 8. Training The Trust's overarching policy for training is the Learning and Development Policy and this should be read in conjunction with this policy. The Learning and Development Policy also describes the Trust's arrangements for training, in particular how there are processes in place to ensure staff receive the training they require and how non-attendance is followed up. These arrangements are further supported by management supervision and appraisal processes. Individual Line Managers are responsible for ensuring their staff are aware and adhere to this policy. 9. Monitoring or Audit Monitoring shall be proactive and designed to highlight issues before an incident occurs, and should consider both positive and negative aspects of any examined process. Compliance with this policy shall be monitored by the ISTAM and formally reported to the Information Governance Group (IGG) quarterly, and shall be assessed annually using the Information Governance Toolkit. Internal Audit shall conduct an annual audit of Information Governance Assurance Statement and the NHS Operating Framework and report their findings and recommendations to the IGMG. Where failings have been identified, action plans shall be drawn up and changes made to arrangements to reduce the risks. The IGG shall facilitate the review and update of this policy and supporting IG policies. 10. Associated and Related Procedural Documents A list of related Trust policies can be found on Ourspace 11. References A full list of the applicable legislation referenced in the compilation of this policy can be viewed in the NHS Information Governance Guidance on Legal and Professional Obligations at the following link: DH_ IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 10 of 11

11 Version History Version Date Revision description Editor Status /01/2011 Review by Information Governance Group Information Technology Security Specialist Approved /03/2011 Reviewed by Quality & Healthcare Governance Committee /02/2013 Approved by Finance and Planning Committee Information Technology Security Specialist Information Technology Security Specialist Approved Approved /04/2016 Update and Tidy ISTAM /04/2016 Approved by Finance and Planning Committee ISTAM Approved IM&T Infrastructure Security Policy Expiry date: 15/04/2019 Version No: 4.0 Page 11 of 11

Information security policy. Document author Assured by Review cycle. 1. Introduction Policy statement Purpose Scope...

Information security policy. Document author Assured by Review cycle. 1. Introduction Policy statement Purpose Scope... Information security policy Board library reference Document author Assured by Review cycle P021 Information Security and Technical Assurance Manager Finance and Planning Committee 3 year This document

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics

More information

Records management policy. Document author Assured by Review cycle. Audit and Risk Commitee. 1. Introduction...3. 2. Purpose or aim...3. 3. Scope...

Records management policy. Document author Assured by Review cycle. Audit and Risk Commitee. 1. Introduction...3. 2. Purpose or aim...3. 3. Scope... Records management policy Board library reference Document author Assured by Review cycle P017 Head of Compliance Audit and Risk Commitee 3 Years This document is version controlled. The master copy is

More information

Supplier Remote Access Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Purpose or aim...3. 3. Scope...3. 4. Definitions...

Supplier Remote Access Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Purpose or aim...3. 3. Scope...3. 4. Definitions... Supplier Remote Access Policy Board library reference Document author Assured by Review cycle P157 Information Security and Technical Assurance Manager Finance and Planning Committee 1 year This document

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

INFORMATION TECHNOLOGY SECURITY POLICY

INFORMATION TECHNOLOGY SECURITY POLICY INFORMATION TECHNOLOG SECURIT POLIC Document Author Written By: Deputy Director of IM&T / Interim Head of ICT Authorised Signature Authorised By: Chief Executive Date: February 2015 Date: 17 March 2015

More information

NHS Business Services Authority Information Security Policy

NHS Business Services Authority Information Security Policy NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

Information Security Policy

Information Security Policy Information Security Policy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Information Security Policy

Information Security Policy You can learn more about the programme by downloading the information in the related documents at the bottom of this page. Information Security Document Information Security Policy 1 Version History Version

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

NORTH SOMERSET COUNCIL. Corporate Information Security Policy

NORTH SOMERSET COUNCIL. Corporate Information Security Policy Corporate Information Security Policy NORTH SOMERSET COUNCIL Corporate Information Security Policy Version 1_8 FINAL Author Date Approved Review Date Contents Authorisation Statement... 3 Document Amendment

More information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information 6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Information Security Policy

Information Security Policy Information Security Policy Revised: September 2015 Review Date: September 2020 New College Durham is committed to safeguarding and promoting the welfare of children and young people, as well as vulnerable

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé NHS HDL (2006)41 abcdefghijklm = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé Dear Colleague NHSSCOTLAND INFORMATION SECURITY POLICY Summary 1. NHSScotland IT Security Policy was

More information

Physical Security Policy Template

Physical Security Policy Template Physical Security Policy Template The Free iq Physical Security Policy Generic Template has been designed as a preformatted framework to enable your Practice to produce a Policy that is specific to your

More information

SOA ISO Statement of Applicability

SOA ISO Statement of Applicability SOA ISO 27001 2005 Statement of Applicability A.5 Security A.5.1 Information Security A.5.1.1 A.5.1.2 Information security policy document Review of the information security policy A.6 Organisation of

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Information Security Management System (ISMS) Policy

Information Security Management System (ISMS) Policy Information Security Management System (ISMS) Policy April 2015 Version 1.0 Version History Version Date Detail Author 0.1 18/02/2015 First draft Andy Turton 0.2 20/02/2015 Updated following feedback from

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25

Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Information Security Policy Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Document Information Trust Policy Number : ULH-IM&T-ISP01 Version : 3.1 Status : Approved Issued by : Information Governance

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

University of Brighton School and Departmental Information Security Policy

University of Brighton School and Departmental Information Security Policy University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

IS INFORMATION SECURITY POLICY

IS INFORMATION SECURITY POLICY IS INFORMATION SECURITY POLICY Version: Version 1.0 Ratified by: Trust Executive Committee Approved by responsible committee(s) IS Business Continuity and Security Group Name/title of originator/policy

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L. Document No: IG10d Version: 1.1 Name of Procedure: Third Party Due Diligence Assessment Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release

More information

Remote Network Access Procedure

Remote Network Access Procedure Remote Network Access Procedure Version: 1.1 Bodies consulted: - Approved by: PASC Date Approved: 20.8.13 Lead Manager: Ade Sulaiman Responsible Director: Simon Young Date issued: Aug 13 Review date: Jul

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

JOB DESCRIPTION. DEPARTMENT : Pharmacy Heartlands, Solihull & Good Hope Hospitals

JOB DESCRIPTION. DEPARTMENT : Pharmacy Heartlands, Solihull & Good Hope Hospitals JOB DESCRIPTION JOB TITLE : Senior Pharmacy Technician DEPARTMENT : Pharmacy Heartlands, Solihull & Good Hope Hospitals GRADE : Band 5 HOURS OF DUTY : 37.5 hours per week. The Trust operates a 7 day working

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

Comparison of Controls between ISO/IEC 27001:2013 & ISO/IEC 27001:2005

Comparison of Controls between ISO/IEC 27001:2013 & ISO/IEC 27001:2005 Comparison of Controls between ISO/IEC 27001:2013 & ISO/IEC 27001:2005 Introduction The new standard ISO/IEC 27001:2013 has been released officially on 1 st October 2013. Since we understand that information

More information

Information Security Incident Management Policy

Information Security Incident Management Policy Information Security Incident Management Policy Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT Policy & Regulation

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY ISO 27002 5.1 Author: Owner: Organisation: Chris Stone Ruskwig TruePersona Ltd Document No: SP- 5.1 Version No: 1.0 Date: 10 th January 2010 Copyright

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

INFORMATION SECURITY PROCEDURES

INFORMATION SECURITY PROCEDURES INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

UCD Information Technology Services Acceptable Use Policy

UCD Information Technology Services Acceptable Use Policy UCD Information Technology Services Acceptable Use Policy To safeguard individuals and to ensure the integrity and reliability of information services, UCD has a number of Use Policies. These are designed

More information

Vermont Information Technology Leaders

Vermont Information Technology Leaders Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 1 Policy Title: Information Privacy and Security Management Process IDENT INFOSEC1 Type of Document:

More information

IT Infrastructure Security Policy. Policy and Guidance

IT Infrastructure Security Policy. Policy and Guidance IT Infrastructure Security Policy Policy and Guidance June 2013 Project Name Product Title IT Infrastructure Security Policy Policy and Guidance Version Number 1.2 Final Document Control Organisation Mendip

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information