06100 POLICY SECURITY AND INFORMATION ASSURANCE

Size: px
Start display at page:

Download "06100 POLICY SECURITY AND INFORMATION ASSURANCE"

Transcription

1 Version: 5.4 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low Management of Police Information (MoPI) The Hampshire Constabulary recognises that any information it holds must be for a policing purpose and managed in accordance with the force policy on MOPI 1. About This Policy 1.1. This policy outlines the mandatory security requirements and management arrangements to which Hampshire Constabulary employees and those working on behalf / for the Hampshire Constabulary must adhere This policy applies to all personnel (police officers, police staff, special constabulary, contractors, temporary staff and volunteers) who have access to protectively marked material in any form This policy is in support of the current version of the Corporate Information Management Strategy The Hampshire Constabulary has a responsibility to ensure that its information systems meet the standards set by the ACPO/ACPO(S) Information Systems Community Security Policy. 2. General Principles 2.1. This policy Deals with: a). b). c). d). e). Governance, Risk Management and Compliance; Protective Marking and Asset Control; Personnel Security; Information Security and Assurance; Physical Security.

2 3. Statement of Policy 3.1. Governance, Risk Management & Compliance This section deals with: a). b). c). d). e). f). g). h). i). Governance; Roles, accountability and responsibilities; Risk management; Assurance; Self assessment; Central reporting; Audit and review; Culture, training and professionalism; International Agreements; Governance Hampshire Constabulary employees and those working on behalf / for the Hampshire Constabulary are required to familiarise themselves with the requirements of the Security & Information Assurance Procedures and comply with their provisions Security requirements for the Force originate from the Cabinet Office. The Hampshire Constabulary Policies and Procedures are aligned to the Cabinet Office Security Policy Framework to enable the effective protection and utilisation of Force assets (people, information and equipment) The Security & Information Assurance Policies and Procedures outline the mandatory security policy requirements that all must meet when using Force assets or attending Force premises. Under certain circumstances additional security will be required. This could be due to threat levels, threat actors, impact levels etc. The Security & Information Assurance Policies and Procedures must also be extended, where necessary, to any organisations working on behalf of, or handling Force assets, such as contractors, Local

3 Authorities, or regular suppliers of goods and / or services Roles, accountability and responsibilities Hampshire Constabulary have designated personnel who have overall responsibility for security within the Force The day to day responsibilities for all aspects of Protective Security are managed by the Security & Information Assurance Unit Overall responsibility for Force Security rests with the Deputy Chief Constable who takes the role of the Senior Information Risk Owner (SIRO) Managers To be aware of Information Security Policies and Procedures and their individual responsibility as well as those of their staff; to ensure compliance in their area of responsibility To regularly monitor staff IT accounts and information processes to ensure compliance Employees, volunteer and non police personnel working on behalf or with the Constabulary Are responsible for compliance with the Information Security Policies and Procedures to ensure that security measures are adhered to in order to prevent / minimise vulnerabilities to the organisation, it s staff and it s assets Risk Management The Hampshire Constabulary have adopted a risk management approach to cover all areas of protective security across the organisation All Hampshire Constabulary assets must be registered and the person responsible for those assets must be identified and aware of their responsibilities Asset owners will need to understand the vulnerability and likelihood of attack from various threats, value them in terms of the impact from loss or failure of

4 confidentiality, integrity and availability and assign a proportionate level of protection to mitigate, and / or recover from, the potential loss or failure of those assets. The identified risk should be reviewed annually Audit and review The Security & Information Assurance Unit will conduct internal reviews of security arrangements throughout the Force. These will include OpSec and Protective Security reviews The Security & Information Assurance Unit must demonstrate compliance with the controls contained within the Information Assurance Maturity Model Culture, training and professionalism Hampshire Constabulary will ensure that: a). b). c). d). e). Board members responsible for security undergo security and risk management familiarisation upon appointment; All members of the Security & Information Assurance Unit will receive relevant training from agencies such as the Centre for Protection of National Infrastructure (CPNI) at the earliest opportunity after appointment; Security education and awareness will be built into all staff inductions, with regular familiarisation thereafter; Hampshire Constabulary plan to foster a culture of proportionate protective security; All security incidents will be reported as per The HANTSPOL Guidance and Instruction for Information Security to the Sy & IA Unit or via Confide in Us to allow for anonymous reporting of security incidents International Security agreements Hampshire Constabulary will ensure that they will adhere to any UK obligations in multilateral or bilateral international agreements Protective marking and asset control

5 This section deals with: a). b). Legal Requirements; Official Secrets Acts; c). Data Protection Act 1998; d). e). f). g). h). i). j). k). Freedom of Information Act; The need to know principle; International Security Standards; International Security Agreements; Material originating outside of HMG; The Government Protective Marking Scheme; Universal Controls; Breaches; Legal requirements Hampshire Constabulary staff are to familiarise themselves with the Official Secrets Acts, Data Protection Act and Freedom of Information Act. Staff handling protectively marked information will be given guidance on how this legislation relates to their role Official Secrets Acts Hampshire Constabulary employees will sign up to the Official Secrets Act on the signing of their contract Data Protection Act 1998 (DPA) All Hampshire Constabulary employees must follow the minimum standards and procedure for handling citizen or personal data Procedure Data Protection describes Hampshire Constabulary employees responsibility under the Data Protection Act Freedom of Information Act (FOIA)

6 Any protectively marked material that is to be released under the Freedom of Information Act is de-classified first and is marked as such. The originator, or specified owner, must be consulted before protectively marked material can be de-classified Procedure Freedom of Information Responding to Requests describes the procedure to be followed by Hampshire Constabulary when dealing with FOIA requests MOPI The Hampshire Constabulary will manage police information in accordance with the principles of the Code of Practice on the Management of Police Information, and the MoPI guidance For more information see Policy Management of Police Information (MoPI) The need to know principle Access to protectively marked assets is only to be granted on the basis of the need to know principle For more information see The Hantspol guidance & Instruction on Information Security International security standards The GPMS is designed to meet the principles of the international standard of Information Security Management Systems (ISO/IEC series) Material originating outside of Her Majesty s Government (HMG) Hampshire Constabulary employees must ensure that non-hmg material which is marked to indicate sensitivity is handled at the equivalent level within the Protective Marking Scheme, or where there is no equivalence, to the level offered by PROTECT as minimum The Government Protective Marking System (GPMS)

7 All personnel must apply the Protective Marking in accordance with Government Protective Marking Scheme (GPMS) and the necessary controls and measures as outlined in this policy and subordinate linked documentation For more information see Procedure and the Security & Information Assurance Intranet pages: Universal controls The following baseline controls must be followed for all protectively marked material: Access is granted on a genuine need to know and use basis Assets must be clearly and conspicuously marked. Where this is not possible staff must have the appropriate security control and be made aware of the protection and controls required Only the originator or the designated owner can protectively mark an asset. Any change to the protective marking requires the originator or designated owner s permission. If they cannot be traced, a marking may be changed, but only by consensus with other key recipients Assets sent overseas must be protected as indicated by the originator s marking and in accordance with any international agreement. Particular care must be taken to protect assets from foreign Freedom of Information legislation by use of national prefixes and caveats of special handling instructions When destroying official records, held on any media, consideration must be given to those records that may be of historical interest the following link refers: Disposal Schedule Historical Records A file, or group of protectively marked documents or assets, must carry the protective marking of the highest marked document or asset contained within it (e.g. a file containing CONFIDETIAL and RESTRICTED material must be marked CONFIDENTIAL Breaches

8 Deliberate or accidental compromise of protectively marked assets may lead to disciplinary, performance and / or criminal proceedings All security breaches will be reported to the Security & Information Assurance Unit: a). Phone: ; b). Security Incident Mailbox For more information on Security Breaches see Procedure Personnel Security This Section Deals with: a). b). c). d). e). Risk Management; Force Security Vetting; National Security Vetting; Ongoing personnel security management ( Aftercare ); Appeals; Risk Management Hampshire Constabulary, as a part of the risk management approach to protective security, will assess the need to apply personnel security controls against specific posts and the access to sensitive assets (designated posts) Hampshire Constabulary employ a risk management approach to Personnel Security in accordance with protective security principles. These seek to reduce the risk of damage, loss, or compromise of Hampshire Constabulary assets and/or reputation by application of personnel security controls before and during employment. These controls do not provide a guarantee of reliability and must be supported by effective line management, nor should they be considered an alternative to the correct application of the need to know principle.

9 Hampshire Constabulary when making a decision on a security clearance will take into account all information available to them and will evidence their decision When making a vetting decision judgement is exercised and all the information obtained during the clearance process is taken into consideration. The existence of one or more factors of concern does not necessarily or conclusively demonstrate unreliability or present an unmanageable risk. The PSVU will consider the nature, likelihood and credibility of the threat and adopts the ACPO National Vetting Policy as guidance for all of the Units processes and assessment criterion Force Security Vetting All personnel wishing to join Hampshire Constabulary, or provide a service which requires access to its premises or information assets, must be subject to the appropriate vetting process as per the Association of Chief Police Officers (ACPO) National Vetting Policy National Security Vetting Hampshire Constabulary will apply National Security Vetting only where it is necessary, proportionate and adds real value and in accordance with the ACPO National Vetting Policy and Government Protective Marking Scheme Ongoing personnel security management ( Aftercare ) Hampshire Constabulary will conduct aftercare as required by the ACPO National Vetting Policy. This will include formal reviews of all vetting clearances, managers and individuals must participate in the process and are responsible for informing the Personnel Security & Vetting Unit (PSVU) if any change in circumstance that may impact on the suitability to hold security clearance Appeals Vetting Unit Homepage Hampshire Constabulary record all vetting results and will report where appropriate to the Professional Standards Tactical and Strategic TCG.

10 3.4. Information Security & Assurance This Section deals with: a). b). c). d). e). f). g). h). i). j). k). l). Information security; Managing information risk; Business impact; Personal data; Roles and responsibilities; Accreditation and audit; Codes of connection and technical controls; Cryptography; Eavesdropping and Electro-magnetic countermeasures; Remote working / mobile media; Procurement; Reporting incidents; m). Secure disposal; n). o). Education, training and awareness; Business continuity and disaster recovery planning; Information Security Hampshire Constabulary employees, and those working on behalf / for the Hampshire Constabulary MUST adhere to all Hampshire Constabulary security policies and supporting procedures Managing information risk As a part of the risk management and accreditation process an annual technical risk assessment of Hantspol and other relevant systems and applications will be completed.

11 Business impact Hampshire Constabulary will in conjunction with the Protective Marking System, use Business Impact Levels (ILs) to assess and identify the impacts to the business through the loss of Confidentiality, Integrity and / or Availability of data and / or assets, should the risk be realised. Aggregation of data will be considered as a factor determining ILs Personal data Hampshire Constabulary employees and those who work for / on behalf of the Constabulary must comply with the data protection principles as set out in the Data Protection Act 1998 and Procedure to ensure a high level of confidence that personal data is handled correctly Roles and responsibilities Information risk must be specifically addressed in the departmental annual Statement on Internal Control (SIC), which is signed off by the Chief Constable Accreditation and audit All Hampshire Constabulary Information Systems will be formally accredited prior to installation. Accreditation will be reviewed annually or more often where re-accreditation conditions apply The HANTSPOL Accreditation Document Set contains the necessary information security assurance and risk calculations All new information assets and ICT systems will have an audit functionality to enable regular compliance checks and which will include a forensic readiness plan that will maximise the ability to preserver and analyse data generated by an ICT system, that may be required for legal and management purposes All new ICT systems must have suitable identification and authentication controls to enable the risk of unauthorised access to be managed and to enable auditing and the correct management of user accounts.

12 Codes of connection and technical controls Hampshire Constabulary will follow the requirements of any codes of connection and / or shared services security policies to which they are signatories Hampshire Constabulary have the following technical policies in place, policy refers: a). b). c). d). e). Patching policy; Policy to manage risks posed by all forms of malicious software ( malware ), including viruses, spyware and phishing etc; Boundary security devices (e.g. firewalls); Content checking / blocking policy; Lockdown policy to restrict unnecessary services and ensure that no user has more privileges than required; Cryptography The Hampshire Constabulary will ensure that information where appropriate will be encrypted to the appropriate level. All CAPS approved encryption is kept in accordance with HMG IA Standard No For more information contact the Security & Information Assurance Unit Remote working / mobile media See Procedure for information on remote working (e.g. home or mobile). This procedure sets out the correct practices when working remotely Procurement Security requirements will be specified in all contracts where applicable. Security requirements are mandatory for all ICT contracts and those contracts where personal data is involved Reporting incidents

13 All actual and suspected security incidents must be reported to the Security & Information Assurance Unit by ing the Security Incidents Mailbox or calling For more information on reporting security incidents see procedure Secure disposal All media used for storing or processing protectively marked or otherwise sensitive information must be disposed of or sanitised securely For more information on secure disposal see procedure Education, training and awareness All Hampshire Constabulary employees will receive appropriate security awareness and training, be familiarised with Security Operating Procedures (SyOPs) and will be made aware of the process for reporting incidents Business continuity and disaster recovery planning Hampshire Constabulary will ensure that Business Continuity and Disaster Recovery Plans are in place at all relevant locations For more information on Business Continuity see Policy Extensions to the Force Network Extending the Force data network into premises that are not under the control of the Hampshire Constabulary will incur vulnerabilities and, impacts on the confidentiality, integrity and availability of our information systems. For further details on the process for extending the force data network into new locations and premises see link to Remote Access (Network Extensions) 3.6. Physical Security This section deals with:

14 a). b). c). d). e). f). g). h). i). j). Purpose; Defence in Depth; Storage of sensitive assets; Secure containers; Secure rooms; Office areas; Building security; Physical access control; Incoming mail and deliveries; CCTV Purpose Physical security involves the appropriate layout and design of facilities, combined with suitable security measures, to prevent unauthorised access and protection of Hampshire Constabulary, people, information, materials and infrastructure. This requires putting in place, or building into design, measures that prevent, deter, delay and detect, attempted or actual unauthorised access, acts of damage and or violence, and triggers an appropriate response Hampshire Constabulary s Baseline Objectives for the access, storage, control and transmission and disposal and destruction of assets can be found here Defence in Depth Hampshire Constabulary will adopt a layered approach to physical security Storage of sensitive assets In order to identify appropriate security measures the Security & Information Assurance Unit will conduct a Physical Security Assessment.

15 Critical, sensitive and protectively marked assets must be located in secure Hampshire Constabulary premises or approved premises and be protected by a defined perimeter where possible, with appropriate security barriers and entry controls Security containers Protectively Marked or valuable material must be secured in appropriate security containers. Large amounts of protectively marked material or equipment which cannot be stored in a security container, must be stored in a secure room For more information on Protective Marking see Procedure Secure rooms Rooms holding protectively marked material or sensitive assets will have windows, doors, locks and entry control which meets the appropriate standard Offices must be adequately secured when unoccupied, e.g. windows and doors closed and where applicable locked Office areas Hampshire Constabulary recognise and use the Need to Know principle. This is used to ensure that access to protectively marked material by individuals who do not have a need to access it is avoided Where practicable (adequate storage is available) a clear desk policy will exist. The purpose of a clear desk policy is to ensure that sensitive material is not left unattended A clear screen and wall policy will be enforced, screens must be positioned to prevent overlooking (e.g. overlooked by a window or reflective surfaces), where this is not possible other measures must be introduced, for example blinds Buildings Hampshire Constabulary will assess the security risks to it s estate ensuring that security is fully integrated

16 at an early in the process of planning, selecting, designing and modifying their facilities In any building in which protectively marked or other valuable assets are stored physical security controls will exist these will take into account the level of sensitivity and the level of threat to the site or assets Sensitive / covert sites and areas These sites / areas will include but are not limited to: a). Special Branch; b). Major Crime; c). Specialist Investigations; d). Scientific Services; e). Serious and Organised Crime; f). Intelligence Directorate; g). Professional Standards Department Anti- Corruption Unit; h). Professional Standards Department Security and Information Assurance Those sites listed above and those that use CONFIDENTIAL systems will require a higher level of security For advice of additional Security measures please contact the Security & Information Assurance Unit Physical Access Control Hampshire Constabulary will control access to its estate using safeguards that will prevent unauthorised access Hampshire Constabulary staff must familiarise themselves with this policy and this guidance on physical access Access control refers to the practice of controlling and monitoring access to a property or asset.

17 All Hampshire Constabulary employees and non-police personnel working for or on behalf of the Constabulary are required to wear (if not in uniform) / carry their ID / Warrant Card when on Hampshire Constabulary premises (See procedure 06104) Hampshire Constabulary employees are encouraged to challenge any individual who is not wearing an authorised identity card or uniform To restrict entry, Hampshire Constabulary premises will have either an automatic access control system (AACS) which works in conjunction with the ID / Warrant card to allow access for authorised personnel only or alternatively Mechanical Push Button Locks (MPBL) will be used A visitor is classed as someone which the station they are attending is not their normal place of work and/or they are not employed by Hampshire Constabulary e.g. contractor, from another agency. Visitors must report to either the reception or a staff member to advise of their presence Visitors must: a). b). c). d). Sign in and out of Hampshire Constabulary premises; Wear a temporary pass which must be returned on leaving; Be escorted whilst in the building; Regular contractors who have free and unsupervised access to the building must be vetted CCTV Where CCTV is installed it will be done in accordance with the Data Protection Act Working away from Hampshire Constabulary Premises For information on how to securely work away from Hampshire Constabulary premises see procedure

18 4. Implications of the Policy 4.1. Financial Implications / Best Value The implementation of the required information security standards will incur substantial resource implications for the Hampshire Constabulary. The cost of physical and technical security controls required for new initiatives will be included in their procurement Staffing / Training All staff in the Force will receive relevant training with regard to information security and will be required to reaffirm compliance with the Security Operating Procedures annually. Computer based training has been developed for Information Security and Data Protection this must be completed by all new starters Bureaucracy It is not envisaged that this policy will produce any undue bureaucracy Risk The main risk attached to the implementation of this policy would be through budgetary restriction Consultation In Creating this policy, consultation has been carried out with: 5. Monitoring/ Evaluation 5.1. The Professional Standards Department is responsible for the monitoring and, where appropriate, the enforcement of all breaches of Policy - Information Security and associated procedures.

19 6. Review 6.1. This policy will be reviewed every three years or more frequently as deemed necessary 7. Related Policies, Procedures and Information Sources 7.1. Related Force Policies/Procedures Professional Standards IT Security Management Security at Police Buildings 7.2. Information Security Procedures The HANTSPOL Guidance & Instruction for Information Security User s Responsibilities in Respect of Information Systems Remote Working / Mobile Media Force Identity & Warrant Cards & PCSO Designation Cards Protective Marking Secure Erasure / Disposal Data Protection Freedom of Information Responding to Requests Information Sharing Use of Internet Web Browsing

20 Security at Police Buildings 7.3. Information Sources HMG Security Policy Framework HMG Information Assurance Standards ACPO / ACPOS Information Systems Community Security Policy AD203 Equality Impact Assessment Origin: Information Management

Wiltshire Police Force Information Security Policy

Wiltshire Police Force Information Security Policy Wiltshire Police Force Information Security Policy Table of Contents 1. INTRODUCTION 2. PURPOSE 3. SCOPE 4. POLICY STATEMENT 5. ROLES & RESPONSIBILITIES 6. ACCREDITATION 7. MOBILE & REMOTE WORKING 8. 3

More information

Issued 10092010 Page 1 of 40 Version 1.2

Issued 10092010 Page 1 of 40 Version 1.2 Contents statement 1. Overarching Security Statement 2. Introduction 3. Scope 4. Security policy 5. Organisation of information security 6. External parties 7. Asset management 8. Human resource security

More information

HMG Security Policy Framework. v.6.0 May 11

HMG Security Policy Framework. v.6.0 May 11 HMG Security Policy Framework May 2011 2 May 2011 Contents Page Foreword by Sir Gus O Donnell 5 Introduction to the Security Policy Framework 7-8 Overarching Security Policy Statement 9 Core Security Principles

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

HMG Security Policy Framework

HMG Security Policy Framework HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of

More information

POLICY REFERENCE NUMBER Version 1.1. NEXT REVIEW DATE: June 2017 RISK RATING EQUALITY ANALYSIS

POLICY REFERENCE NUMBER Version 1.1. NEXT REVIEW DATE: June 2017 RISK RATING EQUALITY ANALYSIS POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Information Assurance POLICY REFERENCE NUMBER A022 Version 1.1 POLICY OWNERSHIP DIRECTORATE BUSINESS AREA

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Not Protectively Marked

Not Protectively Marked TITLE CCMT Sponsor Department/Area Section/Sector INFORMATION SECURITY POLICY Deputy Chief Constable Professional Standards Department Force Security 1.0 Rationale 1.1 This policy sets out the approach

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Appendix 3 - Joint FRS Information Security & Assurance Sub Group Action Plan

Appendix 3 - Joint FRS Information Security & Assurance Sub Group Action Plan Appendix 3 - Joint FRS Information Security & Assurance Sub Group Action Plan HFR Version 2 5th Oct 2010 Objective 1 - Introduce mandatory requirements 11, 12, 14, 15, 16, 19, 21, 31, 32, 33, 34, 35, 36,

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

33500 POLICY USE OF SOCIAL MEDIA

33500 POLICY USE OF SOCIAL MEDIA Version: 1.2 Last Updated: 15/06/15 Review Date: 25/06/18 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. This policy describes how Hampshire Constabulary s use of social media

More information

HMG Security Policy Framework

HMG Security Policy Framework HMG Security Policy Framework Version 11.0 October 2013 Contents Introduction... 4 Government Security Responsibilities... 4 Role of the Centre... 5 Policy Context... 7 Critical National Infrastructure

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

IT Infrastructure Security Policy. Policy and Guidance

IT Infrastructure Security Policy. Policy and Guidance IT Infrastructure Security Policy Policy and Guidance June 2013 Project Name Product Title IT Infrastructure Security Policy Policy and Guidance Version Number 1.2 Final Document Control Organisation Mendip

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

UK SBS Physical Security Policy

UK SBS Physical Security Policy UK SBS Physical Security Policy Version Date Author Owner Comments 1.0 16 June 14 Head of Risk, Information and Security Compliance (Mel Nash) Senior Information Risk Owner (Andy Layton) Ist Issue following

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

PS177 Remote Working Policy

PS177 Remote Working Policy PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection

More information

Government Security Classifications April 2014

Government Security Classifications April 2014 Government Security Classifications April 2014 Version 1.0 October 2013 THE GOVERNMENT SECURITY CLASSIFICATIONS WILL COME INTO FORCE ON 2 APRIL 2014 Page 1 of 35 Version 1.0 October 2013 Version History

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

Information Security Policy

Information Security Policy Information Security Policy Version 2 Date Approved by Board 8 March 2016 Date of previous approval 4 February 2014 Date of next Review February 2018 You may also be interested in the following policies:

More information

Information and Communication Technology. Information Security Policy

Information and Communication Technology. Information Security Policy BELA-BELA LOCAL MUNICIPALITY - - Chris Hani Drive, Bela- Bela, Limpopo. Private Bag x 1609 - BELA-BELA 0480 - Tel: 014 736 8000 Fax: 014 736 3288 - Website: www.belabela.gov.za - - OFFICE OF THE MUNICIPAL

More information

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures SECURITY INCIDENT REPORTING AND MANAGEMENT Standard Operating Procedures Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme.

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

28400 POLICY IT SECURITY MANAGEMENT

28400 POLICY IT SECURITY MANAGEMENT Version: 2.2 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. The objective of this policy is to provide direction and support for IT

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

DWP INFORMATION SECURITY POLICY

DWP INFORMATION SECURITY POLICY DWP INFORMATION SECURITY POLICY Contents Background... 1 Scope... 1 Accountabilities... 2 Policy Statements... 2 Responsibilities... 3 Background 1.1 DWP is committed to ensuring that effective security

More information

Introduction. The steps involved in using this tool

Introduction. The steps involved in using this tool Introduction This tool is designed to cover all the relevant control areas of ISO / IEC 27001:2013. All sorts of organisations and Because it is a general tool, you may find the language challenging at

More information

Information Security Policy

Information Security Policy You can learn more about the programme by downloading the information in the related documents at the bottom of this page. Information Security Document Information Security Policy 1 Version History Version

More information

Information Security Policy

Information Security Policy Information Security Policy Revised: September 2015 Review Date: September 2020 New College Durham is committed to safeguarding and promoting the welfare of children and young people, as well as vulnerable

More information

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

Infrastructure Security Policy

Infrastructure Security Policy Bolsover District Council North East Derbyshire District Council & Rykneld Homes Ltd ICT Infrastructure Security Policy September 2013 Version 1.0 Page 1 of 11 CONTROL SHEET FOR ICT Infrastrutcure Security

More information

Information Security Policy

Information Security Policy Information Security Policy 1 Version and Review Summary Rev Date Author Approver Revision description 1.00 April 2009 T Monachello Formal Review 1.01 1 st June 2009 T.Monachello Information Governance

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information 6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

Information Governance and Assurance Framework Version 1.0

Information Governance and Assurance Framework Version 1.0 Information Governance and Assurance Framework Version 1.0 Page 1 of 19 Document Control Title: Original Author(s): Owner: Reviewed by: Quality Assured by: Meridio Location: Approval Body: Policy and Guidance

More information

The Community Security Trust (CST) 1st March Last Review April Next Review due April PSNI Headquarters

The Community Security Trust (CST) 1st March Last Review April Next Review due April PSNI Headquarters PURPOSE PARTNERS HPCC National Police Chiefs' Council The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

University of Brighton School and Departmental Information Security Policy

University of Brighton School and Departmental Information Security Policy University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives

More information

THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE

THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE If you ve been served with a Technical Capability Notice, here are some of things that will be required of you. v 8.3 The obligations the

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational

More information

Information Security Policy

Information Security Policy Information Security Policy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics

More information

Appendix 1 Information Security Information Security Policy Document

Appendix 1 Information Security Information Security Policy Document Appendix 1 Information Security Information Security Policy Document Responsible Officers: Approved by Version: Date: Hayley Green, Head of Buildings and Facilities Final (to be added) Contents 1 Introduction...

More information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

More information

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé NHS HDL (2006)41 abcdefghijklm = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé Dear Colleague NHSSCOTLAND INFORMATION SECURITY POLICY Summary 1. NHSScotland IT Security Policy was

More information

Protective Security Governance Policy. Outlines ANAO protective security arrangements

Protective Security Governance Policy. Outlines ANAO protective security arrangements Protective Security Governance Policy Outlines ANAO protective security arrangements Version 2.0 Effective JULY 2012 Document management Document identification Document ID Document title Release authority

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Gifts, Hospitality, Discounts, Travel, Concessions and Other Potential Conflicts of Interest

Gifts, Hospitality, Discounts, Travel, Concessions and Other Potential Conflicts of Interest Policy Title CCMT Sponsor Department/Area Section / Sector Gifts, Hospitality, Discounts, Travel, Concessions and Other Potential Conflicts of Interest Deputy Chief Constable Professional Standards Headquarters

More information

Highland Council Information Security Policy

Highland Council Information Security Policy Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Date approved by Heads of Service 3 June 2014 Staff member responsible Director of Finance and Corporate Services Due for review June 2016 Data Protection Policy Content Page 1 Purpose

More information

CODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION

CODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION CODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION Made by the Secretary of State for the Home Department under sections 39 and 39A of the Police Act 1996 and sections 28, 28A, 73 and 73A of the

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Not Protectively Marked

Not Protectively Marked TITLE CCMT Sponsor Department/Area Section/Sector VETTING POLICY Deputy Chief Constable Professional Standards Department Force Security 1.0 Rationale 1.1 This policy adopts the requirements of the ACPO

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

Third Party Security Requirements Policy

Third Party Security Requirements Policy Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

Information Security Policy

Information Security Policy Information Security Policy Last updated By A. Whillance/ Q. North/ T. Hanson On April 2015 This document and other Information Services documents are held online on our website: https://staff.brighton.ac.uk/is

More information

Information Protective Marking and Handling Policy

Information Protective Marking and Handling Policy Information Protective Marking and Handling Policy Change History Version Date Description Author 0.1 11/01/2013 First Draft Anna Moore 0.2 28/02/2013 Amended taking into account SSTP protective marking

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Quick Guide To Information Governance Policies

Quick Guide To Information Governance Policies Quick Guide To Information Governance Policies Data Protection The Data Protection Act 1998 established principles and rights in relation to the collection, use and storage of personal information by organisations.

More information

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12 POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12

More information

BBSRC, MRC and NERC Joint Security Policy. Contents. Policy statement

BBSRC, MRC and NERC Joint Security Policy. Contents. Policy statement BBSRC, MRC and NERC Joint Security Policy Contents Policy statement 1. Principles 2. Perceived threats 3. Roles and responsibilities 4. Security planning 5. Local procedures 6. Risk assessments 7. Monitoring

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

Risk Management Authority

Risk Management Authority Risk Management Authority Records Management Plan RMA Records Management Plan 0 Contents Page 1. Introduction 2 1.1 Background 2 1.2 Records Management in the RMA 3 1.3 Records covered by this Plan 3 1.4

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

OFFICIAL. NCC Records Management and Disposal Policy

OFFICIAL. NCC Records Management and Disposal Policy NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy

More information

Merthyr Tydfil County Borough Council. Information Security Policy

Merthyr Tydfil County Borough Council. Information Security Policy Merthyr Tydfil County Borough Council Information Security Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of

More information

Data Protection Policy

Data Protection Policy London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information