Acceptable Use Policy Mental Health Clinical Information System (PSOLIS)
|
|
- Dennis Horn
- 7 years ago
- Views:
Transcription
1 Acceptable Use Policy Mental Health Clinical Information System (PSOLIS) Mental Health Division November 2009
2 Acknowledgement: This document would not have been possible without the contribution of the PSOLIS Audit Steering Committee members; Theresa Marshall Mark Pestell Patrick Marwick Robert Edey David Ward Michael Kalynuik Mary Blake Sharon Mannion Kirsty Edoo Paul Jowett Donna Slattery Tom Pinder Creswell Surrao Consultant Clinical Governance Reviews, Office of the Chief Psychiatrist Representative Area Manager, South Metropolitan Area Health Service - Mental Health Representative Clinical Director, CAMHS North Metropolitan Area Health Service - Mental Health Representative Senior Program Officer, WA Country Health Service Mental Health Representative Manager Mental Health Information, Women and New Born and Child and Adolescent Health Service Representative Clinical Systems Coordinator, Bentley Health Service Mental Health Representative Systems Administrator, North Metropolitan Area Health Service Mental Health Representative A/Area Coordinator Mental Health Information System, South Metropolitan Area Health Service Mental Health Representative Application Manager PSOLIS, Health Information Network Representative Technical Lead PSOLIS, Health Information Network Representative Application Specialist PSOLIS, Health Information Network Representative Manager Mental Health Information System, Information Management and Reporting Directorate Representative Senior Program Manager, Statewide Mental Health Governance and Performance, Mental Health Division Representative Version Control: Purpose: Stipulate acceptable use of the mental health clinical information system PSOLIS Relevant To: PSOLIS Users Approval Authority: Effective Date: 01 Dec 2009 Review Date: Mental Health Operations Review Committee/PSOLIS Custodians 30 Nov 2014 Responsible Group: PSOLIS Management Group Enquiries Contact: Creswell Surrao, Senior Program Manager Tel: Source Document: Acceptable Use Standard Computing & Communication Facilities Department of Health, Government of Western Australia
3 Table of Contents Introduction General Obligations To Whom Does This Policy Apply 1. Purpose 1.1 Policy Scope 2. Policy Statement 2.1 Responsible Use 2.2 General Security 2.3 Ethical Use of the PSOLIS Application 2.4 Record Keeping 2.5 Compliance Monitoring and Controls 2.6 Breaches 3. Background 4. Training 5. Related Legislative and other Documents 6. Appendices a. Operational Directive No: OD 0131/08 Access to the Mental Health Clinical Information System (PSOLIS) by Public Sector Organisations b. Operational Directive No: OD 0132/08 Access to the Mental Health Clinical Information System (PSOLIS) by Non-Public Sector Organisations c. Operational Directive No: Mandatory Data Collection and Recording Requirements for Specialised Public Mental Health Services d. Operational Circular No: OP1917/05 Programs (Service Units) in the Mental Health Clinical Information System (PSOLIS) e. Operational Circular No: OP1916/05 Ambulatory (Community) Mental Health Data Collection g. Department of Health Western Australia Data Management Policy h. Department of Health Western Australia Data Custodianship Policy and list of assigned Data Custodians and nominated delegates for the PSOLIS Application i. Information Security Policy j. Portable Computer and Storage Devices Policy
4 Introduction This policy establishes the minimum obligations incumbent upon all staff both government and non-government who have access to the mental health clinical information system PSOLIS and must be read in conjunction with the Department of Health Western Australia Acceptable Use Standard Computing & Communications Facilities and all other policies and guidelines and Operational Directives pertaining to the PSOLIS application. General Obligations Staff must use the PSOLIS application in a responsible manner, taking into account the consequence their actions may have. Staff must not use the PSOLIS application; for any unlawful, illegal, malicious or improper purpose; to access without the relevant permissions any information held within the application; to disclose private or confidential information contained within PSOLIS for any purpose other than those reasons identified within the FOI Act and in keeping with Department of Health policies and guidelines for information disclosure; to enter information into PSOLIS that is offensive, defamatory, abusive or that violates any law or regulation; To Whom Does This Policy Apply? The Acceptable Use Policy applies to all Department of Health WA staff with access to the mental health clinical information system PSOLIS and includes but is not limited to: all staff, contractors, casuals, students and volunteers; operators of any Department of Health WA Services any external organisation or their staff and, organisations offering outsourcing arrangements for the Department of Health WA REMEMBER Staff will be required to provide an acknowledgment (by signing a Declaration Form issued by their respective service that this policy has been provided to them and read and understood by them). The signed Declaration Form will be held on each individual staff member s personal file.
5 1 Purpose This policy sets out acceptable use of the mental health clinical information system PSOLIS by all authorised users. The provision of this policy is intended as a minimum requirement that must be complied with and is not meant to be exhaustive. The Purpose of this policy is to: ensure users are aware of their role, responsibilities and obligations when using the PSOLIS application; prevent misuse of the application ; ensure users recognise the privilege of and confidential nature of patient information; inform users of Department of Health WA s obligation to routinely monitor for compliance with this policy; identify the consequences of breaching this policy; ensure staff members are not exposed to unethical behaviour such as privacy violations as a consequence of user actions; and avoid conduct that violates any written law whether or not expressly mentioned in this policy (e.g. The Western Australian Criminal Code 440A, which addresses unlawful use of computers); This policy complies with and should be read in conjunction with the Public Sector Code of Ethics and all other Professional Codes of Conduct associated with discipline specific professions. 1.1 Policy Scope Use of the mental health clinical information system PSOLIS includes all electronic transmissions to or through the application.
6 Policy Statements 2.1 Responsible Use Mental Health Clinical Information System PSOLIS must be used responsibly Unauthorised or inappropriate use of the mental health clinical information system PSOLIS could result in limitations on use, disciplinary actions, criminal penalties and/or staff and other users being held liable for any inappropriate use. Staff should act professionally in the workplace and refrain from using the mental health clinical information system PSOLIS for activities that are inappropriate. Misuse or inappropriate use of the PSOLIS application includes: a) For any personal use. Personal Use is any activity that is conducted for purposes other than accomplishing the official business of the DoHWA e.g. looking up information in PSOLIS regarding a relative or friend or a person associated with a sentinel event for no apparent clinical or administrative reason b) Use of PSOLIS application as a staging ground or platform to gain unauthorised access to other Department of Health computer systems or other illegal computer trespass for example, hacking; c) The intentional unauthorised internal or external transmission of any information subject to the Privacy Act for example, patient information. d) Using another person s digital authentication of logon and password e) Avoiding established security procedures, such activities include but are not limited to accessing all PSOLIS information and PSOLIS-derived sub-sets of information in any form by not complying with established access as per DoH WA policies and protocols. 2.2 General Security The PSOLIS application and any information contained therein must not be placed in jeopardy Staff should be aware that their use / access to the PSOLIS application is made with the understanding that such use may not be private. Use of the PSOLIS application by staff may be disclosed to employees within the Department of Health who have a need to know in the performance of their duties e.g. Operational Data Custodians for the PSOLIS application who are the: Director, Mental Health WACHS and delegate: Senior Program Manager, Mental Health WACHS The PSOLIS application contains monitoring tools and inappropriate use may be reported to authorised staff or the human resource Corporate Governance Directorate who investigate inappropriate use. The privacy rights of any individual staff member with
7 access to the PSOLIS application will not be violated unless proven that such rights have been misused / violated. To assist with general security staff should; Not share their PSOLIS access logon and password; Change their password if anyone else may know it; Activate the screen saver or lock the workstation if they are away from their desk; and; Always log out when finished using the system; REMEMBER Users are responsible for the use of their PSOLIS logon and password. If you believe it has been compromised in any way, you must report it immediately to your supervisor / manager. 2.3 Ethical Use of the PSOLIS application The PSOLIS application will only be used in an ethical manner in accordance with the Department of Health Western Australia Acceptable Use Standard Computing & Communications Facilities and all other Information Technology policies, guidelines and Operational Directives pertaining to the PSOLIS application. PSOLIS users should respect the privacy and confidentiality of client information and observe the provisions of the Commonwealth Privacy Act 1988 and comply with the Public Sector Code of Ethics when using the application. 2.4 Record Keeping Electronic records are part of the business records of the Department of Health WA Any records created within the PSOLIS application should form part of the health record of an individual consumer and should be accorded the same standards of professional documentation and printed, signed and retained in the same way. This is especially so as documents held electronically in the PSOLIS application are part of the business records of the Department of Health WA and are essential to the preservation of a proper audit trail.
8 2.5 Compliance Monitoring and Controls The Department of Health WA has a legal obligation to monitor access to the PSOLIS application. Individual area mental health services will routinely monitor and investigate staff access and usage of the PSOLIS application. This will occur to confirm compliance with the requirements of this policy initiative and to investigate possible incidents of breaches and unauthorised access. A breach for the purposes of this policy may include but not be limited to the following; Access to a client record in PSOLIS that is outside a PSOLIS user s usual permissions / primary access stream without a relevant clinical or administrative need. Monitoring process; A random selection of staff will be routinely selected for audit Where a record outside of their stream has been accessed it will be crossed checked to establish there is a corresponding service event of clinical / administrative relevance The period of audit will be the preceding two weeks access to the PSOLIS application PSOLIS Audit Reports; PSOLIS Local Administrators and Report Administrators are able to produce three different Audit reports for the purpose of monitoring access to client records at their Mental Health Service(s). Audit: User of Interest: Report Parameters; Date From Date To User Report Format PDF, Word or Excel. Report results display the designated user s access to all client and non-client records, including both in-stream and out-of-stream access, for specified date range. An Access Without Role column indicates any out-of-stream access 1 Access to clients that are blocked to the user running the report will appear in the results but shall be marked as non-client. 1 When Current Only Users selected Global Read Only Users are not listed unless they also have stream specific access
9 Audit: Out of Stream Access: Report Parameters; Date From Date To Stream Report Format PDF, Word or Excel Report results display All User access regardless of Stream permission to all client records that have been accessed within the specified stream, regardless of having stream roles or not at time of access 3 Audit: Client of Interest: Report Parameters; Date From Date To Client Report Format PDF, Word or Excel. Report results display user access to the designated client record. Includes all users who have accessed designated client record within the specified stream who do not have a role in any of the client streams at the time 2 Flowchart for accessing audit reports in PSOLIS; Access PSOLIS Administrative Reports Audit - Client of Interest Report regarding user access to a desiganated client record Audit - Out of Stream Access Report regarding All Users access to All client records for designated stream Audit - User of Interest Report regarding a designated user's access to all client records Review report information if apparant user access breach identify; user date/time of breach client cmhi/umrn follow protocol requirements contact user's MHS Manager seeking clarification for user access to client record Follow protocol if breach has occurred 2 Users that access client records via their Global Read Only privilege will still be indicated as an out-of streamaccess.
10 2.6 Breaches Disciplinary action may occur for any breaches associated with the PSOLIS application. Breaches to the PSOLIS application will be regarded as a serious matter and disciplinary or other action may be initiated at the discretion of the Operational Data Custodian for the employing Area Mental Health Service. The Operational Data Custodians or their delegates will not automatically assume an allegation of inappropriate use / access has occurred until all the facts have been assessed and a requirement for action is warranted. Where a breach has been identified staff will be required to provide a reason for the breach. Staff may then be informed that their access to the PSOLIS application will be routinely monitored for a period to be determined by the Operational Data Custodian or their delegate. At its absolute discretion, Area Mental Health Services reserve the right to suspend or terminate staff access to the mental health clinical information system PSOLIS if breaches have occurred. At the discretion of the Area Mental Health Service all instances of inappropriate access / use of the mental health clinical information system PSOLIS especially with regard to repeat offenders, will be reported to the Corporate Governance Directorate who may then report the incident to the Corruption and Crime Commission. REMEMBER The Acceptable Use Policy contains the following: Responsible Use General Security Ethical Use Record Keeping Compliance Monitoring and Controls Breaches
11 3 Background Staff who require access to the mental health clinical information system PSOLIS must do so in accordance with relevant State and Commonwealth legislation governing Information Technology. When using the mental health information system PSOLIS, Area Mental Health Services expect users to have a basic working knowledge of how the PSOLIS application works its functions and its type of uses relevant to their level of access and permissions. Area Mental Health Services will routinely assess users need for training and refresher training in the PSOLIS application. 3.1 Out-of-Hours / Remote Access Access to the PSOLIS application is routinely required outside of normal business hours and whilst providing mental health care to consumers in rural and remote services. Current practice involves phoning or visiting Hospital/Health Service sites to obtain information from the PSOLIS application. No information other than anecdotal evidence on the number of times this occurs is currently available. Where Area Mental Health Services consider providing remote access to health professionals to the PSOLIS application via a range of secure methods including but not limited to access from the Internet\Health Remote; via SecureClient and Secure Portal, the following should apply; Determine criteria and processes for approval Assess the appropriateness of individual applications for approval Request a regular audit report for the Remote Access User Group for individual Area Mental Health Services The confidentiality and security requirements remain similar to requirements for in-house / health service site access to the PSOLIS application. 4 Training Area Mental Health Services will ensure that all staff who are provided with access to the mental health clinical information system PSOLIS will have the requisite training in the application, its functions and uses relevant to their level of permissions. It is also an expectation that regular refresher training in the PSOLIS application will be provided by Area Mental Health Services. 5 Related Legislative and other Documents Department of Health Western Australia Operational Directives / Circulars and Policy initiatives; 1. Operational Directive No: OD 0131/08 Access to the Mental Health Clinical Information System (PSOLIS) by Public Sector Organisations
12 2. Operational Directive No: OD 0132/08 Access to the Mental Health Clinical Information System (PSOLIS) by Non-Public Sector Organisations 3. Operational Directive No: Mandatory Data Collection and Recording Requirements for Specialised Public Mental Health Services 4. Operational Circular No: OP 1917/05 Programs (Service Units) in the Mental Health Clinical Information System (PSOLIS) 5. Operational Circular No: OP 1916/05 Ambulatory (Community) Mental Health Data Collection 6. Department of Health Western Australia Data Management Policy 7. Department of Health Western Australia Data Custodianship Policy Public Sector Standards / Legislation 1. Western Australian Public Sector Code of Ethics 2. Public Sector Management Act 1994 (WA) State and Commonwealth Legislation 1. Commonwealth of Australia Privacy Act Western Australian State Records Act Western Australian Mental Health Act 1996 Appendices: (Please click on the hyperlink for intranet please print and provide copies for Non-Public Sector Organisations with access to POSLIS) a. Operational Directive No: OD 0131/08 Access to the Mental Health Clinical Information System (PSOLIS) by Public Sector Organisations b. Operational Directive No: OD 0132/08 Access to the Mental Health Clinical Information System (PSOLIS) by Non-Public Sector Organisations c. Operational Directive No: Mandatory Data Collection and Recording Requirements for Specialised Public Mental Health Services d. Operational Circular No: OP1917/05 Programs (Service Units) in the Mental Health Clinical Information System (PSOLIS) e. Operational Circular No: OP1916/05 Ambulatory (Community) Mental Health Data Collection g. Department of Health Western Australia Data Management Policy oc h. Department of Health Western Australia Data Custodianship Policy and list of assigned Data Custodians and nominated delegates for the PSOLIS Application
13 i. Information Security Policy doc j. Portable Computer and Storage Devices Policy
14
Information Circular
Information Circular Enquiries to: Brooke Smith Senior Policy Officer IC number: 0177/14 Phone number: 9222 0268 Date: March 2014 Supersedes: File No: F-AA-23386 Subject: Practice Code for the Use of Personal
More informationSOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY
SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy
More informationInternet Use Policy and Code of Conduct
Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT
More informationOPERATIONAL DIRECTIVE. Data Stewardship and Custodianship Policy. Superseded By:
OPERATIONAL DIRECTIVE Enquiries to: Ruth Alberts OD number: OD0321/11 Performance Directorate Phone number: 9222 4218 Date: February 2011 Supersedes: OD 0107/08 File No: F-AA-00673 Subject: Data Stewardship
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationUSE OF INFORMATION TECHNOLOGY FACILITIES
POLICY CI-03 USE OF INFORMATION TECHNOLOGY FACILITIES Document Control Statement This Policy is maintained by the Information Technology Department. Any printed copy may not be up to date and you are advised
More informationPOLICY ON USE OF INTERNET AND EMAIL
POLICY ON USE OF INTERNET AND EMAIL OVERVIEW Public sector employees are accountable for their use and management of all public resources including the use of services such as the Internet and electronic
More informationSTRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS
Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level
More informationDepartment of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS
Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland
More informationUNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY
PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment
More informationCommunications - Use & Management of Misuse of NSW Health Communications Systems
Policy Directive Ministry of Health, NSW 73 Miller Street North Sydney NSW 2060 Locked Mail Bag 961 North Sydney NSW 2059 Telephone (02) 9391 9000 Fax (02) 9391 9101 http://www.health.nsw.gov.au/policies/
More informationInformation Security Incident Management Policy
Information Security Incident Management Policy Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT Policy & Regulation
More informationAcceptable Use Policy Internet and Email - Students
Acceptable Use Policy Internet and Email - Students Ref HR01 Acceptable Use Policy Internet and Email - Students Review Date: August 2016 North East Scotland College All rights reserved INTRODUCTION Information
More information1. Owner Manager, Business Operations 2. Compliance is required by Staff, contractors, consultants and volunteers 3. Approved by The Commissioner
Policy Details 1. Owner Manager, Business Operations 2. Compliance is required by Staff, contractors, consultants and volunteers 3. Approved by The Commissioner 4. Date created February 2015 5. Date of
More information2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy
Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change
More informationUse of Social Networking Websites Policy. Joint Management Trade Union Committee. ENDORSED BY: Consultative Committee DATE: 14 February 2013
Use of Social Networking Websites Policy START DATE: March, 2013 NEXT REVIEW: March 2015 COMMITTEE APPROVAL: Joint Management Trade Union Committee CHAIR S SIGNATURE: STAFF SIDE CHAIR S SIGNATURE: DATE:
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationAcceptable Use of ICT Policy. Staff Policy
Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationConditions of Use. Communications and IT Facilities
Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other
More informationFor personal use only
CONTENTS Introduction Objective Scope Standards of Behaviour Work Environment Community Engagement Financial Information and Integrity Company Property and Information Bribery and Corruption Breaches Approval
More informationRevelstoke Board of Education Policy Manual
Revelstoke Board of Education Policy Manual 3.8 Computer, Internet and BCeSIS Usage and Access This policy shall govern the use of computer equipment, software, the network, e-mail, Internet and BCeSIS
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationRegulation 8.3.R2 COMPUTING AND NETWORK FACILITIES RULES. 1. Definitions. In this regulation unless a contrary intention appears.
Regulation 8.3.R2 COMPUTING AND NETWORK FACILITIES RULES 1. Definitions In this regulation unless a contrary intention appears Authority means (i) in relation to the central facilities and computing and
More informationElectronic business conditions of use
Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationSocial Media Policy. Policies and Procedures. Social Media Policy
Policies and Procedures Social Media Policy 1 1. Introduction...3 2. Privacy settings and personal information.....3 3. Use of Social Media at Work.....4 4. Account Administrators and Login Details......4
More informationLINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy
LINCOLN UNIVERSITY Policy: Computer and Network Usage by Employees Policy Number: HRM-110 Effective Date: July 1, 2009 Revisions: Replaces, as they relate specifically to employees, IT Policies 517 Internet
More informationThe best advice before you decide on what action to take is to seek the advice of one of the specialist Whistleblowing teams.
Whistleblowing Policy (HR Schools) 1.0 Introduction Wainscott school is committed to tackling unlawful acts including fraud, corruption, unethical conduct and malpractice regardless of who commits them,
More informationEmail & Internet Policy
Email & Internet Policy Use of email system and internet services Current Document Status Version V0.2 Approving body Acorn Academy Cornwall Date 11 June 2015 Date of formal approval (if applicable) Responsible
More informationSaint Martin s Catholic Academy
Saint Martin s Catholic Academy E-Safety Policy - Acceptable Use - Students January 2015 Why have an Acceptable Use Policy? An Acceptable Use Policy is about ensuring that you, as a student at Saint Martin
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationInformation Security Incident Reporting & Investigation
Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how
More informationSocial Networking Policy
Feltonfleet School Social Networking Policy Introduction Objectives This policy sets out Feltonfleet School s policy on social networking. New technologies are an integral part of our lives and are powerful
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationINFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes
INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most
More informationAcceptable Use Policy
Acceptable Use Policy 1. General Interoute reserves the right to modify the Acceptable Use Policy ( AUP ) from time to time. Changes to this Acceptable Use Policy will be notified to Customer in accordance
More informationProcedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom
Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom
More informationRules for the use of the IT facilities. Effective August 2015 Present
Rules for the use of the IT facilities Effective August 2015 Present INFORMATION MANAGEMENT GUIDE RULES FOR THE USE OF THE UNIVERSITY S IT FACILITIES ( The Rules ) 1. Introduction 2. Interpretation 3.
More informationCellular/Smart Phone Use Procedure
Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This
More informationInformation Security and Electronic Communications Acceptable Use Policy (AUP)
Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern
More informationCatalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.
PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationCOUNCIL POLICY R180 RECORDS MANAGEMENT
1. Scope The City of Mount Gambier Records Management Policy provides the policy framework for Council to effectively fulfil its obligations and statutory requirements under the State Records Act 1997.
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationAustralian Ethical Investment Limited and Australian Ethical Superannuation Pty Ltd. Code of Conduct
Australian Ethical Investment Limited and Australian Ethical Superannuation Pty Ltd Code of Conduct The Australian Ethical Code of Conduct is intended to provide guidance for Directors and employees on
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationSTFC Monitoring and Interception policy for Information & Communications Technology Systems and Services
STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining
More informationInformation & Communications Technology Usage Policy Olive AP Academy - Thurrock
Information & Communications Technology Usage Policy Olive AP Academy - Thurrock Version Control Sheet Title: Purpose: Owner: Information Communications Technology Policy To advise staff of the procedures
More informationAcceptable Usage Policy
Version 2.1 20141230 Acceptable Usage Policy Acceptable Usage Policy Contents 1. PURPOSE OF THIS POLICY... 2 2. GENERAL... 2 3. APPLICATION... 2 4. UNREASONABLE USE... 2 5. UNACCEPTABLE USE... 3 6. SPAM...
More informationComplaint. Handling. Policy. Guidelines
Complaint Handling Policy Guidelines April 2011 1 Complaints Handling Policy guidelines Contents Introduction 3 Making a Complaint 4 Receiving a Complaint 8 Assessing a Complaint 10 Deciding how to deal
More informationInformation Privacy Policy
Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION
More informationInformation Systems Acceptable Use Policy for Learners
Information Systems Acceptable Use Policy for Learners 1. Introduction 1.1. Morley College is committed to providing learners with easy access to computing and photocopying facilities. However it needs
More information2014 Whistleblower Policy. Calibre Group Limited ABN 44 100 255 623. Version 1.5
Version 1.5 Calibre Group Limited ABN 44 100 255 623 REVISION DATE AUTHOR APPROVED BY SIGNATURE 0 07-08-2014 M Silbert Chief Legal Counsel RELATED DOCUMENTS CHG-POL-CPL-05 Calibre Group Code of Conduct
More informationEASTNOR PAROCHIAL PRIMARY SCHOOL STAFF SOCIAL NETWORKING POLICY. Inspire and Achieve
EASTNOR PAROCHIAL PRIMARY SCHOOL STAFF SOCIAL NETWORKING POLICY Inspire and Achieve Introduction This document sets out the guidance on social networking and aims to: Set clear expectations of behaviour
More informationSECURITY POLICY REMOTE WORKING
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices
More informationOther Review Dates: 15 July 2010, 20 October 2011
POLICY:- Policy Title: Mobile Telephone Policy File reference: F10/618-04 Date Policy was adopted by Council initially: 18 December 2008 Resolution Number: 404/08 Other Review Dates: 15 July 2010, 20 October
More informationBring Your Own Device Program: 2015 User Agreement
Bring Your Own Device Program: 2015 User Agreement Asquith Girls High School Bring Your Own Device program aims to improve student learning experiences both in and out of the classroom. Asquith Girls High
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationAuthorised Acceptable Use Policy 2015-2016. Groby Community College Achieving Excellence Together
Groby Community College Achieving Excellence Together Authorised Acceptable Use Policy 2015-2016 Reviewed: Lee Shellard, ICT Manager: May 2015 Agreed: Leadership & Management Committee: May 2015 Next review:
More informationAcceptable Use Policy - NBN Services
OASIS TELECOM ABN: 31 155 359 541 P: 1300 734 399 F: 03 9011 9644 care@oasistelecom.com.au www.oasistelecom.com.au PO Box 6153, Point Cook, VIC - 3030 Acceptable Use Policy - NBN Services Important Note:
More informationU.S. Department of the Interior's Federal Information Systems Security Awareness Online Course
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
More informationCOMPUTER USAGE - EMAIL
BASIC BELIEF This policy relates to the use of staff email at Mater Dei and is designed to provide guidelines for individual staff regarding their use. It encourages users to make responsible choices when
More informationSecurity Incident Management Policy
Security Incident Management Policy January 2015 Document Version 2.4 Document Status Owner Name Owner Job Title Published Martyn Ward Head of ICT Business Delivery Document ref. Approval Date 27/01/2015
More informationHuman Resources People and Organisational Development. Disciplinary Procedure for Senior Staff
Human Resources People and Organisational Development Disciplinary Procedure for Senior Staff AUGUST 2015 1. Introduction 1.1 This procedure applies to Senior Staff. Senior Staff includes: 1.1.1 the Vice-Chancellor
More informationCentral Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy
Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy I. PURPOSE To identify the requirements needed to comply with
More informationHIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders
HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA
More informationAcceptable Use of Computing and Information Technology Resources
Acceptable Use of Computing and Information Technology Resources Version 1.0, February2, 2010 General Statement As part of its educational mission, Hocking College acquires, develops, and maintains computers,
More informationPS 172 Protective Monitoring Policy
PS 172 Protective Monitoring Policy January 2014 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010;
More informationNOT PROTECTIVELY MARKED. Yes. Disciplinary Policy and Procedures (POLICE STAFF) POLICY REFERENCE NUMBER VERSION 1.0
POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Disciplinary Policy and Procedures (POLICE STAFF) POLICY REFERENCE NUMBER A050 VERSION 1.0 POLICY OWNERSHIP
More informationCODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015
GOLDFIELDS MONEY LIMITED ACN 087 651 849 CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015 1. Purpose This Code of Conduct (Code) clearly states the standards of responsibility and
More informationPolicy on Public and School Bus Closed Circuit Television Systems (CCTV)
DEPARTMENT OF TRANSPORT Policy on Public and School Bus Closed Circuit Television Systems (CCTV) Responsibility of: Public Transport Division TRIM File: DDPI2010/3680 Effective Date: July 2010 Version
More informationCode of Business Conduct and Ethics THE WOODBRIDGE WAY. integrity honesty respect responsibility
Code of Business Conduct and Ethics THE WOODBRIDGE WAY integrity honesty respect responsibility Reissued June 12, 2015 Code of Business Conduct and Ethics THE WOODBRIDGE WAY INTRODUCTION Woodbridge Foam
More informationUSER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY
USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting
More informationHow To Deal With Social Media At Larks Hill J & I School
LARKS HILL JUNIOR & INFANT SCHOOL Social Media Policy Written: Reviewed Autumn Term 2015 Larks Hill J & I School Social Media Policy 1. Introduction For the purposes of this policy, social media refers
More informationMEDICAL TRAINEE DATA FORM (This information is required for all medical students)
ALEXANDRA MARINE AND GENERAL HOSPITAL 120 Napier Street, GODERICH, ON N7A 1W5 (519) 524-8689 ext. 5712 Fax: (519) 524-5579 Email: amgh.administration@amgh.ca MEDICAL TRAINEE DATA FORM (This information
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationSocial Networking Policy
Social Networking Policy Policy Date June 2013 Review Date June 2015 Section 1: Introduction 1.1 Objectives 1.1.1 This policy sets out West Row Primary School s policy on social networking. New technologies
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationELECTRONIC MAIL (E-MAIL) September 2014. Version 3.1
ELECTRONIC MAIL (E-MAIL) September 2014 Version 3.1 Western Health and Social Care Trust Page 0 of 6 E-mail Policy V3.1 Policy Title ELECTRONIC MAIL (E-MAIL) POLICY Policy Reference Number CORP09/006 Original
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationResponsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
More informationPolicy No: 2-B8. Originally Released: 2001. Date for Review: 2016
Topic: Information and Communication Technology use by Students Policy No: 2-B8 Policy Area: Standing Committee: Education Religious Education and Curriculum Committee Originally Released: 2001 Date for
More informationHIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name)
HIPAA COMPLIANCE PLAN For CHARLES RETINA INSTITUTE (Practice Name) Date of Adoption 1/02/2003 Review/Update 10/25/2012 Review/Update 4/01/2014 I. COMPLIANCE PLAN A. Introduction This HIPAA Compliance Plan
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationNetworking and Social Media Policy
Networking and Social Media Policy 1 Objectives This policy sets out the Millfields Community School policy on social networking. New technologies are an integral part of our lives and are powerful tools
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationCertification Practice Statement (ANZ PKI)
Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority
More informationCODE OF ETHICS AND BUSINESS CONDUCT
CODE OF ETHICS AND BUSINESS CONDUCT Date of Issue: 22 January 2015 Version number: 2 LUXFER HOLDINGS PLC Code of Ethics and Business Conduct Luxfer Holdings PLC is committed to conducting its business
More informationHow To Behave At A School
THE LONG EATON SCHOOL ICT Security Policy Rules, expectations and advice for students APPROVED BY GOVERNORS: Student ICT Policy Introduction Educational establishments are using computer facilities more
More informationHORIZON OIL LIMITED (ABN: 51 009 799 455)
HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon
More information