Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data"

Transcription

1 Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013

2 Contents 1. Introduction Definitions Physical Electronic Transferring data securely within the University Transferring data securely to eternal third parties... 9 Page 2 of 10 Created on: 21/06/2013

3 1. Introduction Data is not managed solely through control the use of electronic information systems. Everyone processing personal data needs to be aware of the environment they are working in and take consistent appropriate action to protect against accidental damage or disclosure, unauthorised access or theft. Failure to secure data could result in a 500, 000 fine from the Information Commissioners Office and/or bad publicity for the University. Appropriate action means taking sensible approaches to security relative to the nature and sensitivity of the information for example: More caution should be taken when protecting sensitive personal data than is perhaps necessary with personal data (that does not mean that obligations towards personal data can be ignored) or The transfer of data in paper format may require a different approach to the transfer of data on an encrypted memory stick. This document provides some best practice advice on the security of data and should be implemented locally or individually as appropriate. 2. Definitions For definitions of terms used in the guidance, please see the Data Protection section of the University website 3. Third Party Access Temporary Staff working with personal data are no different to permanent staff. They need to be made aware of their responsibilities towards Data Protection. External contractors such as maintenance engineers may require access to areas or systems in the University containing personal data. Staff should not allow them unattended access to any more than they require in order to complete their work. Page 3 of 10 Created on: 21/06/2013

4 4. Physical 4.1 Working in the Office Most University buildings require large areas to be open access so as to allow students, staff, visitors and contractors to go about their legitimate business. The University takes steps to maintain general security to ensure that most office areas have a level of restricted access, but that does not mean that individuals handling personal data can relax or fail to be mindful of their actions in relation to the information they are handling. Faculties and departments should ensure that access to rooms in which they store personal data is restricted to authorised personnel only (this can include supervised guests ). Unauthorised personnel should not be allowed unattended access into areas where they may be able to access personal data, including where it is stored and accessed electronically. Members of staff should be aware that they are responsible for maintaining the integrity of information security. For physical records this can be achieved through simple common sense actions such as: Where possible, locking the door to an empty office/room when they leave which helps prevent unauthorised access, even if only for a few minutes. Challenging (politely) anyone in a secure area whom they do not recognise. Not leaving files containing personal data lying on a desk for anyone to pick up. Not leaving printed documents sitting on top of the printer for someone else to pick up. Locking sensitive data in secure cabinets, draws or other containers where they are provided. Not placing paper documents next to hazards such as liquids that could damage them. Page 4 of 10 Created on: 21/06/2013

5 Committee or board papers where personal data has been discussed (for example exam boards) should be disposed of securely by the meeting secretary and not taken away to be forgotten about. Disposing of physical records securely using the confidential waste sacks and not in the normal bins. 4.2 Working Off-Site No personal data should be collected or taken off-site without a legitimate and approved (by Faculty Registrar or Head of Service) purpose. Staff who are not required to work on personal data offsite should never transfer it away from the University. There may be times when members of staff may have a genuine reason for doing so, for example researchers may gather information offsite or Academics may from time to time work from home to mark papers. Processing information away from the University increases the risk of accidental loss, damage or theft, therefore staff should take the following precautions to minimise the risk when transferring and storing data. No personal data should be taken offsite without a clear understanding as to why it needs to be taken outside of the University and only with the permission of the appropriate senior manager. A record of what information is being taken offsite should be logged, if possible by type and the details of the individuals to whom it relates e.g. exam papers for module xyz, year 2. This way if they are lost, the University knows what information is missing. A record of when the information is returned to the University should also be kept. When using public transport it is important to ensure that bags containing portable devices are not left unattended or out of sight. This includes ensuring that they are not checked in as baggage on flights or left at the other end of a train carriage in the luggage compartment. Personal data should not be left in unattended cars. If there is a need to leave a car whilst transferring personal information, it must be locked out of sight securely in the boot not left on display on the front seat. Page 5 of 10 Created on: 21/06/2013

6 4.3 Loss of Personal Data Offsite In the event of loss or theft of a physical document containing personal data, notify the Police as soon as possible and make a record of the crime number. Notify the University as to what has been lost and the circumstances of the loss, including any precautions taken prior to the incident. Notices should be sent to the University office, the Records and Information Manager and the relevant Faculty/Department office. 5 Electronic 5.1 Working in the Office The University IT systems have inbuilt levels of security, such as logging on to the University Network or logging on additionally to other systems, but staff should still be aware of the threats posed to the integrity of personal data they access when using their computer. VDU screens should be positioned/angled in a way so that people walking by cannot view the detail displayed on them - not face on to an external window or within the office where visitors might walk past and view them. When leaving the computer unattended, even if it s only for a minute, you should remember to press Ctrl, Alt and Delete and lock the computer. This will prevent anyone accessing the computer without a password. Passwords should not be shared with other users unless there is an absolute emergency, they should then be changed at the earliest opportunity. No member of staff should allow another person, including other staff to use their log on details. Generic team accounts should not be created for accessing personal data Data should not be downloaded from University systems without a documented, legitimate purpose for doing so. Page 6 of 10 Created on: 21/06/2013

7 5.2 Working off Site No personal data should be collected or taken off-site without a legitimate and approved purpose. Staff who are not required to work on personal data offsite should never transfer it away from the University. Where staff have been authorised to work offsite, the following guidance should be adhered to: Portable Devices Portable devices include (but not limited to) Laptops, ipads, USB memory sticks, external hard drives, smart phones. Where possible, use remote access through DesktopANYWHERE (See 5.3) rather than transferring information on a portable device. Only use University supplied encrypted Laptops. If using a laptop/ipad in a public area (coffee shops, trains etc.) it is important to limit the view other people may have of the screen. Do not allow anyone else to use the device whilst personal information may be accessible from it. Do not use a public computer to access University systems containing personal data. Make sure that electronic data is backed up to the University network before you copy it to the device. Never transfer original files. Portable devices must be password protected or encrypted, or in the case of USB drives, disks or other storage devices, each stored file must as a minimum be protected by a password. All personal data should be transferred onto the university network and deleted from portable devices immediately upon return to the office, even if the same information will be taken away again the same day. Where the device synchronises with the University account, s containing personal data should be deleted from the device at the earliest opportunity before leaving the University or upon receipt if already away from the University. Page 7 of 10 Created on: 21/06/2013

8 5.2.2 Remote Access through DesktopANYWHERE Ensure that virus scanning software is up to date on all home computers or other devices used to remote access via DesktopANYWHERE. Do not allow other people (family, friends) to use computers whilst they are connected through DesktopANYWHERE. Documents should not be saved to the computer unless absolutely necessary. Any University Documents stored on the home computer should be saved back onto the University network and then deleted from the home PC. Recycle bins should be emptied immediately upon deletion. 5.3 Loss of Personal Data Offsite Portable devices are susceptible to loss or theft. In the event of loss or theft of an electronic portable device, notify the Police as soon as possible and make a record of the crime number. Notify the University as to what has been lost and the circumstances of the loss, including any precautions taken prior to the incident. Notices should be sent to the University office, the Records and Information Manager and the relevant Faculty/Department office. If the device is a University ipad, notify IT Services so that the data can be remotely wiped. 6 Transferring data securely within the University Should you be asked to provide sensitive personal data to a member of University staff, you should always confirm the identity of the person making the request and the purpose for which it is required. If you are unsure as to whether or not the data should be supplied, contact the Records and Information Manager who will advise. 6.1 Hard Copy Information or portable Electronic Devices Personal data may be transferred internally using the internal mail Records containing sensitive personal data may be transferred via the internal mail system; however, there might be some instances (e.g. Page 8 of 10 Created on: 21/06/2013

9 medical reports) where it is more appropriate to hand deliver the information. Any transfer of personal information should be marked Confidential The decision on the most appropriate method should be based upon the sensitivity of the particular data and the urgency in which it is required s Personal data may be transferred internally using the internal but check to ensure that the recipients in the To, CC or BCC fields are members of staff and not students with the same name. Sensitive personal data may, with prior approval, also be transferred internally using the internal but check the recipients in the To, CC or BCC to ensure that they: o Are members of staff and not students with the same name. o Are entitled to view the information you are sharing (i.e. have a documented legitimate business need) o Have checked that any Delegates on their inbox are authorised to view the information or that they have removed anyone who should not access the data. o Attached documents are password protected. o Subject includes the word **Confidential** 7 Transferring data securely to external third parties For advice on which third parties can received personal data, see the guidance document Guidelines for the use of Personal Data Third Party Access Where the University is the Data Controller, do not use FTP, Dropbox or any other online service (see Guidelines for the use of cloud based storage for storing and sharing University Information ) Where the University is a Data Processor on behalf of an external Data Controller, staff should follow the requirements of the Data Controller. If there are any concerns about the requested method of transfer, raise them with the University Records and Information Manager. Page 9 of 10 Created on: 21/06/2013

10 If personal data is to be transferred externally via or on a disk, password protects the document(s) and telephone the recipient with the password. Never send the documents and the passwords together. Where sending documents (or disks, memory sticks etc.) by post, consider send it via registered delivery, especially where the data included sensitive personal information. Mark all correspondence, whatever the media of transfer as confidential and for the recipient only. If the information is to be faxed, check the number and then check it again before sending. For further guidance or advice, please contact: Duncan James Records and Information Manager Vice Chancellor s Office Ellison Building Telephone: x7357. Page 10 of 10 Created on: 21/06/2013

SECURITY POLICY REMOTE WORKING

SECURITY POLICY REMOTE WORKING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

Remote Working Policy

Remote Working Policy Remote Working Policy Table of Contents 1 Introduction... 2 2 Authorisation... 2 3 Precautions... 3 4 Equipment... 4 5 Report damage, loss or theft... 4 6 Right of access to information... 5 7 Policy Review...

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March

More information

Remote Access and Home Working Policy London Borough of Barnet

Remote Access and Home Working Policy London Borough of Barnet Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Working Practices for Protecting Electronic Information

Working Practices for Protecting Electronic Information Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that

More information

Why do we need to protect our information? What happens if we don t?

Why do we need to protect our information? What happens if we don t? Warwickshire County Council Why do we need to protect our information? What happens if we don t? Who should read this? What does it cover? Linked articles All WCC employees especially mobile and home workers

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

More information

ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING

ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING Introduction and Policy Aim The Royal Borough of Windsor and Maidenhead (the Council) recognises the need to protect Council

More information

Ixion Group Policy & Procedure. Remote Working

Ixion Group Policy & Procedure. Remote Working Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises

More information

Internet, , Computer, and Telecommunications Policy

Internet,  , Computer, and Telecommunications Policy Internet, Email, Computer, and Telecommunications Policy 1. Purpose This policy sets out appropriate use of Monitor internet, email, general computer, and telecommunication services and equipment. This

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third

More information

PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY

PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY CORPORATE POLICY Document Control Title Paper Records Secure Handling and Transit Policy Author Information Governance Manager ** Owner SIRO/CIARG Subject

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Standard Operating Procedure. Secure Use of Memory Sticks

Standard Operating Procedure. Secure Use of Memory Sticks Standard Operating Procedure Secure Use of Memory Sticks DOCUMENT CONTROL: Version: 2.1 (Amendment) Ratified by: Finance, Infrastructure and Business Development Date ratified: 20 February 2014 Name of

More information

Mobile Devices and Remote Working Policy

Mobile Devices and Remote Working Policy Mobile Devices and Remote Working Policy Document Reference Information Version 1.0 Status Final Author/Lead Risk and IG Manager Date Effective February 2015 Date of Next Formal Review January 2017 Version

More information

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011) Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How

More information

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Page 1 of 8 Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy EXECUTIVE SUMMARY Key Messages

More information

Enterprise Information Security Procedures

Enterprise Information Security Procedures GHL Network Services Ltd Enterprise Information Security Procedures Prepared By Nigel Gardner Date 16/11/09 1 Contents 1. Openwork s Information Security Policy...3 2. Enterprise Information Security Procedures...3

More information

This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business.

This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business. FSA factsheet for All firms This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business. It explains: What you should

More information

SCRIPT: Security Training

SCRIPT: Security Training SCRIPT: Security Training Slide Name Introduction Overview 1 Overview 2 Overview 3 Text Welcome to the MN WIC Program Security Training Module for all MN WIC Program staff provided by the MN Department

More information

Mobile Computing Policy

Mobile Computing Policy Mobile Computing Policy Overview and Scope 1. The purpose of this policy is to ensure that effective measures are in place to protect against the risks of using mobile computing and communication facilities..

More information

Legal and statutory obligations, in particular under the Data Protection Act, will be followed, whatever the protective marking used.

Legal and statutory obligations, in particular under the Data Protection Act, will be followed, whatever the protective marking used. Handling information based on the protective marking OFFICIAL INFORMATION MARKING Legal and statutory obligations, in particular under the Data Protection Act, will be followed, whatever the protective

More information

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0 SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY

More information

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will:

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will: Data Protection Policy Introduction. Team Bees is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. Team Bees recognises

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

Working away from the Office: Records Management, Freedom of Information and Data Protection Implications.

Working away from the Office: Records Management, Freedom of Information and Data Protection Implications. Working away from the Office: Records Management, Freedom of Information and Data Protection Implications. 1. Introduction 1.1. This guidance is intended for all University staff and research students,

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY Information Management & Technology Security Policy INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY POLICY NO IM&T 003 DATE RATIFIED October 2010 NEXT REVIEW DATE October 2013 POLICY STATEMENT/KEY

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

LCAT-Data Protection Policy-U LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY. Introduction

LCAT-Data Protection Policy-U LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY. Introduction LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY Introduction 1. Looe Community Academy Trust (the Academy) is required to maintain certain personal data about living individuals for the purposes of

More information

Data Protection Policy

Data Protection Policy Data Protection Policy January 2016 Next Review Due: January 2017 Co-ordinator: Miss M Rudge/Mrs J McColl 1 ACADEMY DATA PROTECTION POLICY POLICY DATE: JANUARY 2016 REVIEW DATE: JANUARY 2017 Introduction

More information

Data Protection for Schools Compliance Checklist

Data Protection for Schools Compliance Checklist Data Protection for Schools Compliance Checklist Here is a simple bullet point list of actions your school should take to work towards compliance with the Data Protection Act. It is a non - exhaustive

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

This policy outlines different requirements for the use of PSDs based on the classification of information.

This policy outlines different requirements for the use of PSDs based on the classification of information. POLICY OFFICE OF THE INFORMATION COMMISSIONER Use of portable storage devices 1. Purpose A Portable Storage Device (PSD) is a mobile device capable of storing and transferring digital information. Examples

More information

Summary Electronic Information Security Policy

Summary Electronic Information Security Policy University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture

More information

Data Protection Guidance

Data Protection Guidance 53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

CIPFA DATA MANAGEMENT POLICY AND PROCEDURES

CIPFA DATA MANAGEMENT POLICY AND PROCEDURES INTRODUCTION These Policies and Procedures apply to all CIPFA volunteers that have access to, use, store and share significant amounts of personal data. It is critically important that this data is handled

More information

Data Protection Procedures

Data Protection Procedures Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Data Handling in University Information Classification and Handling Agenda Background People-Process-Technology

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

Portable Devices and Removable Media Acceptable Use Policy v1.0

Portable Devices and Removable Media Acceptable Use Policy v1.0 Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working

More information

2014 Core Training 1

2014 Core Training 1 2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System

More information

Cellular/Smart Phone Use Procedure

Cellular/Smart Phone Use Procedure Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This

More information

Information Security Policy

Information Security Policy Information Security Policy 1 Version and Review Summary Rev Date Author Approver Revision description 1.00 April 2009 T Monachello Formal Review 1.01 1 st June 2009 T.Monachello Information Governance

More information

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

University for the Creative Arts. Mobile Working and Remote Access Policy

University for the Creative Arts. Mobile Working and Remote Access Policy Mobile Working and Remote Access Policy Version 1.0 Date: 20 July 2009 Document History Version History 1.0 20 July 2009 Approved for publication by the IS Board after E&FC approval in June 2009 Title:

More information

Network Security Policy

Network Security Policy KILMARNOCK COLLEGE Network Security Policy Policy Number: KC/QM/048 Date of First Issue: October 2009 Revision Number: 3 Date of Last Review: October 2011 Date of Approval \ Issue May 2012 Responsibility

More information

Mobile Devices Policy

Mobile Devices Policy Mobile Devices Policy (constitutes BYOD Policy pro tem) Version Number: 2.0 Effective from 17 December 2015 Author: Senior Information Security Officer, Legal, Planning & Governance Directorate & ITS Technical

More information

Policy: Remote Working and Mobile Devices Policy

Policy: Remote Working and Mobile Devices Policy Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014

More information

The Bishop s Stortford High School Internet Use and Data Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable

More information

Data Protection and Information Security Policy and Procedure

Data Protection and Information Security Policy and Procedure Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May

More information

BERKELEY COLLEGE DATA SECURITY POLICY

BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Policy and Procedure Document. Information Security Incident Management Policy and Procedure

Policy and Procedure Document. Information Security Incident Management Policy and Procedure Policy and Procedure Document Information Security Incident Management Policy and Procedure [23/08/2011] Page 1 of 9 Document Control Organisation Redditch Borough Council Title Information Security Incident

More information

Information Technology Acceptable Usage Policy

Information Technology Acceptable Usage Policy Information Technology Acceptable Usage Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

Information Security Incident Management Policy

Information Security Incident Management Policy Information Security Incident Management Policy Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT Policy & Regulation

More information

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of ICT Policy. Staff Policy Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.

More information

Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy. Computer Security Policy

Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy. Computer Security Policy Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy Computer Security Policy Contents 1 Scope... 3 2 Governance... 3 3 Physical Security... 3 3.1 Servers... 3 3.2

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Case Recording Practice Adults Services

Case Recording Practice Adults Services Case Recording Practice Adults Services Guidance on case recording practice and on document management Version: 3.3 Effective from: 1 st October 2014 Next review date: 1 st Nov 2015 Signed off by: Jenny

More information

Grasmere Primary School Asset Management Policy

Grasmere Primary School Asset Management Policy Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the

More information

Network Password Management Policy & Procedures

Network Password Management Policy & Procedures Network Password Management Policy & Procedures Document Ref ISO 27001 Section 11 Issue No Version 1.3 Document Control Information Issue Date April 2009, June 2010, September 2011 Status Approved By FINAL

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Information Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet

Information Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.

More information

Information Governance

Information Governance CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this

More information

Remote Working and Portable Devices Policy

Remote Working and Portable Devices Policy Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review

More information

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access

More information

A common sense guide to the Data Protection Act 1998 for volunteers

A common sense guide to the Data Protection Act 1998 for volunteers A common sense guide to the Data Protection Act 1998 for volunteers Why is it necessary? The Data Protection Act 1998 is a law introduced to control the way information held about individuals is handled

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Highland Council Information Security Policy

Highland Council Information Security Policy Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...

More information

IT Infrastructure Security Policy. Policy and Guidance

IT Infrastructure Security Policy. Policy and Guidance IT Infrastructure Security Policy Policy and Guidance June 2013 Project Name Product Title IT Infrastructure Security Policy Policy and Guidance Version Number 1.2 Final Document Control Organisation Mendip

More information

Identity Theft Prevention Program Compliance Model

Identity Theft Prevention Program Compliance Model September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All

More information

your hospitals, your health, our priority STANDARD OPERATING PROCEDURE: Safe Haven Procedure TW10-110 SOP 3 SOP NO: VERSION NO:

your hospitals, your health, our priority STANDARD OPERATING PROCEDURE: Safe Haven Procedure TW10-110 SOP 3 SOP NO: VERSION NO: STANDARD OPERATING PROCEDURE: Safe Haven Procedure SOP NO: VERSION NO: APPROVING COMMITTEE: DATE THIS VERSION APPROVED: TW10-110 SOP 3 3 Information Governance Committee July 2013 RATIFYING COMMITTEE:

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

Information Security Code of Conduct

Information Security Code of Conduct Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks >Email & Internet >Software >Aon Information >Data Protection >ID Badges > Contents Aon Information Security

More information

Mobility and Young London Annex 4: Sharing Information Securely

Mobility and Young London Annex 4: Sharing Information Securely Young London Matters April 2009 Government Office For London Riverwalk House 157-161 Millbank London SW1P 4RR For further information about Young London Matters contact: younglondonmatters@gol.gsi.gov.uk

More information

Data Protection Policy

Data Protection Policy 1. Introduction 1.1 The College needs to keep certain information about its employees, students and other stakeholders, for example to allow it to monitor performance, achievements and health and safety.

More information

Information Security Incident Reporting & Investigation

Information Security Incident Reporting & Investigation Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how

More information

ACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information

ACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides

More information

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution. Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR

More information

Information Security Handbook for Employees

Information Security Handbook for Employees Information Security Handbook for Employees Providing our patients with excellence in healthcare includes protecting their information This handbook was prepared by Tom Walsh Consulting, LLC for the Kansas

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

Data Protection Procedure

Data Protection Procedure Data Protection Procedure [QP2.28] Procedure Number: QP2.28 Revision Number: 3 Date of issue: January 2006 Status: Approved Date of approval: May 2006 Responsibility for procedure: Director of Information

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

MOBILE DEVICE SECURITY POLICY

MOBILE DEVICE SECURITY POLICY State of Illinois Department of Central Management Services MOBILE DEVICE SECURITY Effective: October 01, 2009 State of Illinois Department of Central Management Services Bureau of Communication and Computer

More information