Information Security Policy



Version and Review Summary

Rev Date Author Approver Revision description

1.00 April 2009 T Monachello Formal Review st June 2009 T.Monachello Information Governance Board (IGB) Formal Approval 1st June 2009 IGB Board

Purpose
Policy Definition
Direction
Scope and Responsibilities
Specific responsibilities
  Chief Executive Officer
  All users
  Information Security
  Information Governance Board
  Management
  Information Asset Owners
  Caldicott Guardian
  Shared Services
  Human Resources and Development
Review of Information Security Policy
Information Security Policy Exceptions
Associated Documentation
Appendix A Associated documentation
Appendix B Legislation

Purpose

The purpose of Information Security for Harrow Council is to protect the council's information assets, regardless of whether these are held in manual or electronic form. This will help to safeguard the reputation of the council, to optimise the management of risk and to minimise the impact of Information Security incidents.

Implementation of this Policy will provide assurance to stakeholders, partners and citizens that their information is held securely and used appropriately by the council, whilst complying with legislation and satisfying auditors. Further, it is a key enabler for information sharing through enhanced controls, e.g. supporting access channel strategy, business continuity planning, citizen focussed services, first contact deployment and flexible working.

Policy Definition

The International Standard: ISO Code of Practice defines Information Security as the preservation of three aspects of Information:

- Confidentiality: Information is only available to those that are authorised to gain access.
- Integrity: Safeguarding the accuracy and completeness of information and processing methods.
- Availability: The assurance that authorised users have access to information and associated assets when this is required.

Information takes many forms. It may be processed and stored on computers or in other electronic form, printed or written on paper, shared through voice or video communications, transmitted through post or electronic means such as e-mail or fax, or made available on corporate videos or web sites. Whatever form the information may take, or means by which it is shared, stored or processed, it should always be appropriately classified and protected according to that classification.

Information systems and the information they process and store are a vital asset to Harrow Council. Harrow is dependent on the availability of accurate information to provide local government services. Any loss of computer systems or the information they contain could have serious repercussions for Harrow and/or its clients. A breach of security during processing, storage or transfer of data could result in financial loss, personal injury to a member of staff or client, serious inconvenience, embarrassment, or even legal proceedings against Harrow, and possibly the individuals involved.

In order to ensure the confidentiality, integrity and availability of these systems, an appropriate level of security must be achieved and maintained. The level of security implemented on each of the various systems will be consistent with the designated security classification of the information and the environment in which it operates.

Specific security standards, procedures and guidelines will be published and updated from time to time in support of the Information Security Policy, aiming to mitigate risk of unauthorised modification, destruction or disclosure, whether accidental or intentional.

Within Harrow, access to information will be restricted to those personnel in roles with a valid business requirement.

Information on computer systems will be protected with anti-virus software, which will be updated regularly. Scans will be carried out regularly on all servers, workstations and laptops, and virus definitions will be updated each weekday. Updates and scans will be automatic for every machine and must not be turned off or bypassed.

Harrow will take appropriate steps to prevent, detect, and recover from any loss or incident, whether accidental or malicious, including error, fraud, misuse, damage and disruption to, or loss of, computing or communications facilities.

A security risk assessment will be carried out on each information asset to identify the level of protection required. The security and control procedures required will take into account the sensitivity and value of the information.

All groups must have business continuity plans for information that is deemed to be critical.

Direction

Information Security is a key enabling mechanism for supporting the strategy for e-Government, knowledge sharing and joined up team working. It promotes trust both internally and externally in shared data and infrastructure.

Harrow's strategic direction for Information Security is to provide a strong forward-looking information management system that is clearly aligned to the Council's Corporate Vision and strategic priorities. This vision for Information Security reflects its growing role in maintaining trust and confidence both within the council and outside.

The Local Government Association (LGA) has produced data handling procedures designed for local authorities to use as standard guidelines. They set out the fundamental steps that every council should take to mitigate against the ever-present risk that personal information is lost or that data protection systems fail. They therefore provide chief executives, senior managers and elected members with a vital aid in discharging their responsibilities and accountability for secure and effective handling of personal information. The guidelines were prepared by working closely with councils and central government to meet local government circumstances.

As governments cast a wider net on their ability to share sensitive information among agencies, security requirements dictate that a sophisticated internal networking environment be developed within the authority. Government Connect (GC) is a recognised, accredited and trusted secure government network for all Local Authorities (LAs) in England and Wales. The network is called GCSx and it enables secure data sharing up to restricted level across government. GC is critical as it allows local authorities and central government to exchange information securely over a private network rather than the Internet.

This security policy ensures that the fundamental security principles of the data handling guidelines and the Government Connect initiative are followed.

Scope and Responsibilities

The Harrow Council Information Security Policy is applicable to:

- All Council information, information owned by its clients and partners, and information about its clients.
- All Council members, permanent, contract and temporary personnel, and all third parties, who have access to Harrow premises, systems or information.
- All Council systems, software, and information created, held, processed or used on those systems or related media, electronic, magnetic, or written/printed output from Harrow systems.
- All means of communicating information, both within the Council and externally. For example data and voice transmissions or recordings, post, e-mail, sms/text, cameras, whiteboards, memory sticks, disks, fax, telex, image/sound processing, videoconferencing, photocopying, flip charts, general conversation etc.

It also includes the requirement to comply with any criminal and civil law, statutory, regulatory or contractual obligations, and any other security requirement, including business continuity management.

Information security is not an option. We are all required to maintain a minimum level of Information Security to maintain our legal and contractual obligations.

Defined and approved policies and standards of information security must be implemented. The Service Management for Information Management and the HITS Security Specialist(s) are responsible for defining Information Security policy and standards. Department heads and service providers are responsible for implementing policies and standards in their area of jurisdiction. Furthermore, these policies and standards must be included in service level agreements and contracts with IT service providers.

Non-compliance with this policy will be dealt with under the relevant Council procedures and may result in disciplinary action, termination of contract, or criminal prosecution in the most serious of cases.

This policy is a living document and thus frequently updated to reflect technological, legal and organisational changes. It should therefore be revisited on a regular basis by all staff.

Specific responsibilities

Chief Executive Officer

The Chief Executive Officer is ultimately responsible for ensuring the implementation of this Security Policy. It is the responsibility of all employees to ensure that they conduct their business in accordance with this Policy.

All users

Users of systems and information must:

- Access only systems and information, including reports and paper documents, to which they are authorised.
- Use systems and information only for the purposes for which they have been authorised, and only from Harrow ICT controlled or authorised secure equipment and approved software.
- Comply with all appropriate legislation, and with the controls defined by the Information Owner, and all corporate Policies, Standards, Procedures and Guidelines. A summary of the appropriate legislation can be found in Appendix B.
- Not disclose confidential information to anyone without the permission of the Information Owner.
- Keep their passwords and other access credentials secret, and not allow anyone else to use their account, or equipment or media in their care, to gain access to any system or information.
- Notify their immediate superior, or the HITS Security Specialist or the Service Manager for Information Management, of any actual or suspected breach of Information Security, or of any perceived weakness in the Council Security Policies, Procedures and Practices, Process or infrastructure.
- Establish the identity and authority of anyone requesting information access or information system access, e.g. for servicing or repairs.
- Familiarise themselves with this Policy, and all applicable supporting Policies, Procedures, Standards and Guidelines. Compliance with this Policy is mandatory, and any employee failing to comply will be subject to disciplinary procedures, revoking of access and/or prosecution in serious cases.
- If responsible for management of third parties you must ensure that those third parties are contractually obliged to comply with this Policy and are aware that their failure to comply may lead to contract termination and/or prosecution in serious cases. Use the relevant Harrow Code of Connection terms.
- Be aware that the Council monitors the content and usage of its systems and communications to check for Policy compliance.
- Never leave computers logged into the network unattended unless password protected screen locking is available and has been engaged <ctrl alt delete>.
- Keep your desk clear of all confidential paper files and documents when you are not working on them. Maintain a clear desk policy when leaving your desk unattended for any period of time and out of office hours.
- Keep all confidential paper files and documents in secure, lockable cabinets.

- Not take confidential documents or materials home; however, if this is unavoidable, do consider the use of lockable bags or cases when it is necessary to carry paper files or documents in person.
- Stand at public Fax machines/printers or have documents containing confidential information retrieved immediately so that unauthorised individuals have no opportunity to see the information.
- Not store confidential electronic files and documents on your computer's local drive (C:) or mail to a personal address in order to work on them at home.
- Not use standard USB data sticks or digital drives as portable temporary storage for electronic files and documents. AES 256 standard encrypted USB data sticks may be used only after the Service Manager for Information Management has approved a valid business case. If permission is granted, these USB data sticks may only be purchased from HITS Procurement.
- Purchase all new laptops, mobile phones, PDAs and any other hand held devices capable of storing data through HITS, to allow encryption software to be installed prior to being released to you. This ensures that the device is protected should it be lost or stolen. Any existing Council owned laptops or portable devices should be returned to HITS, who will make appropriate arrangements to have the encryption software installed at a predetermined rate.
- Lock all laptops away in a secure cabinet when not in use in the office or in the home and never leave on the back seat of a car!

Information Security

The Service Management for Information Management and the HITS Security Specialist(s) will act as the focus for all Information security issues, suggesting policies to mitigate risk, and assisting with their interpretation into team procedures and standards, whilst implementing those aspects affecting the operational security of the Council's Information and IT infrastructure.

Information Governance Board

An Information Governance Board (IGB) has been established and the Council's Section 151 officer (Corporate Director Finance) has assumed the role of the Information Governance Lead with delegated authority from the Chief Executive. This Board would provide the forum by which Information Management issues are translated into an ongoing strategy and action plan; it would ensure a consistent approach across the Council, promoting information management/sharing including partnership working.

The IGB will be represented by all levels of management to provide visible management support and clear direction for information security at the executive level.

Management

Managers are responsible for:

- In conjunction with Shared Services, defining reference and vetting requirements for the role and undertaking pre-employment/contract reference checking including managing clearance to HMG Baseline Personnel Security standard for users who require access to the GSI and RESTRICTED information.

- Ensuring that their permanent, contract and temporary personnel are fully conversant with this Policy and all associated Policies, Standards, Procedures, Guidelines and relevant legislation, and are aware of the consequences of non-compliance.
- Developing compliant procedures, processes and practices for use in their business areas.
- Maintaining an appropriate Business Continuity Plan, which is incorporated into the corporate Business Continuity Plan, and is broad enough to respond to all types of potential loss of critical infrastructure, systems and data.
- Ensuring that when requesting or authorising access for their staff, they comply with the standards and procedures defined by the Information Owners, with particular regard to segregation of duties, minimum access and any minimum training requirements.
- Notifying the Service Manager for Information Management, HITS Security Specialist via the Council Help Desk of any suspected or actual breaches or perceived weaknesses of information security.
- Taking disciplinary action supported by the Human Resources Department in the event of misconduct, and non-compliance with Security Policies.

Information Asset Owners

Before any asset can be protected to an appropriate level, it must be identified, and have a value assigned to it. Somebody must take responsibility for managing, or owning, the asset, and defining the levels of access that may be given to it.

The information owner is responsible for identifying, documenting, valuing and carrying out a risk assessment on assets, then specifying the level of protection and access that should be given to those assets in accordance with the Information Classification Guidelines. Although the work may be delegated, the information owner retains accountability, and must be satisfied that all assets have been assessed, and that appropriate procedures are in place to protect them from unauthorised access or modification.

The activities carried out by the information owner are:

- Identify and document major assets: all physical assets must be labelled, and information held on electronic media should be clearly identifiable.
- Assign a sensitivity value to each asset based on a business impact analysis. This value to be RESTRICTED - IL3, PROTECTED - IL2 or IL1 and Unclassified - IL0.
- Carry out a risk assessment to identify specific threats and vulnerabilities relating to each asset, and their estimated recovery costs or asset value.
- Specify the controls from ISO27001 that will be used to protect the assets including:
  - Physical protection and access controls.
  - Storage requirements for hard copy information.
  - Authorisation of users, job roles or security clearance levels, who may access the asset, together with the level of access allowed.
  - Backups, media handling and storage.
  - Compliance with legislation.
  - Any need for encryption to protect information at rest on computer systems and/or in transit across internal or external networks.
  - Ensuring appropriate Contract/Code of Connection with any 3rd parties.
  - Specifying minimum training requirements and arranging its availability.
- Ensure that procedures are in place reflecting the controls and access levels.
- Periodically review access to ensure that procedures are followed, especially in the event of process changes that affect the asset.
- Specify the retention period for each asset, and the manner in which it should be deleted or destroyed at the end of that period.
- Be advised in the event of any incident relating to the assets, and revise controls if required.

This is not a one-off process, but a live ongoing responsibility. These activities will be carried out with guidance and assistance from the Service Manager, Information Management.

Please be aware that if data (IL1 to IL3) under your responsibility is sent or distributed to 3rd party organisations outside the council, then appropriate precautions should be undertaken to safeguard the confidentiality of this data and its content. Council guidelines on sending such data (Protocols on Sharing Data (IL1 to IL3)) are available to you to enable you to share this information securely.

Caldicott Guardian

The Caldicott Guardian has a specific set of responsibilities for defining the circumstances in which personal information held about clients can be legitimately shared with other Harrow departments and with other agencies. In Harrow, the Caldicott Guardian's responsibilities primarily relate to Social Care; similar roles exist in other agencies, such as the NHS trusts. The Guardian is responsible for ensuring that these information-sharing guidelines are publicised appropriately and strictly adhered to.

Shared Services

Shared Services are responsible for monitoring vetting processes and for the management of employee lifecycle information. Their responsibilities include:

- Monitoring pre-employment reference checking and advising management to ensure compliance with requirements of the role including clearance to the HMG Baseline Personnel Security standard for users who require access to the GSI and RESTRICTED information.
- Ensuring that system administrators receive prompt notification of employee role changes and departures.

Human Resources and Development

- Promoting awareness of training, including induction training and for ensuring inclusion of relevant security awareness therein and in employee documentation.

- Supporting management to define disciplinary action in the event of misconduct, and non-compliance with Security Policies and assisting management with disciplinary procedures.

Review of Information Security Policy

The Information Governance Board (IGB) will review this policy on a yearly basis, and the results of the review will be detailed on the minutes of this meeting. Any resulting changes will be notified to all relevant stakeholders.

In the event of major network configuration changes, change of policy, security incidents or a lack of security identified in the yearly penetration test performed on the Council's network, the policy will be reviewed for effectiveness, and modified if appropriate.

Information Security Policy Exceptions

It is not intended that any exceptions will be permitted even on a temporary basis but rather the Policy should be reviewed at the next opportunity. Any changes must be approved by the Information Governance Board.

Associated Documentation

Further information security documents supporting this policy will be developed over time. Intended further Policies can be found in Appendix A.

Appendix A Associated documentation

Documents supporting this policy include (this is not an exhaustive list):

Document: Purpose

Acceptable Use Policy: Defines the acceptable use of Harrow's computer systems, networks, passwords, internet access and e-mail (to include notification of monitoring)

Asset Management: Procedure for protecting information assets in accordance with their classification and value

Business continuity: Procedure and plan to ensure continuity of business in the event of an incident that affects the availability of information or information systems

Change Control Procedure: Procedure for identifying, approving and carrying out change in a controlled manner

Data backup: Procedure for creating, managing, storing, labelling, testing and restoring backups of computer based information.

Disposal of equipment, media and documents: Procedure for protection of the confidentiality of information in the event of equipment upgrades, maintenance or disposal, or when information has reached the end of its retention period.

Protocols on Sharing Data (IL1 to IL3): Procedure for the use of encryption and/or secure ftp services to protect the confidentiality of sensitive information when sent to 3rd party organisations.

Incident reporting and handling: Procedure for reporting, management, and learning from actual, potential or suspected security breaches or weaknesses.

Induction and user awareness: Procedure for ensuring that all employees, contractors and third parties who have access to Harrow information are aware of their responsibilities and the consequences of non-compliance with Security Policies.

Information Classification: Procedure defining the classifications, and the process for identifying information assets and ensuring that they are appropriately protected according to their value and sensitivity.

Information Security Statement: CEO statement regarding Information Security

Network and infrastructure security: Technical procedures relating to internet, intranet, remote access, and related equipment including firewalls, switches and routers.

Remote Working Policy/Toolkit: Procedures relating to accessing of corporate data remotely.

Offsite security of equipment and information (including mobile computing and telephony): Policy and procedure for protection of information that is taken out of Harrow premises, whether in the form of paper documents, or electronically stored media held on laptops or other portable computer equipment. This also covers equipment which is installed on sites of third party organisations.

System security: Standards for building, managing, monitoring and maintaining secure computer systems and clients.

Physical security: Policy for physical security of premises and computing facilities, together with standards for environmental controls

Virus and malicious code protection: Procedure for protecting against malicious code, and for handling incidents caused by malicious code

Appendix B Legislation

All employees will comply with all current legislation. Laws relating to information security include those outlined below:

Data Protection Act 1998 and EU Directive on Data Protection

Personal information relating to identifiable individuals must be kept accurate and up to date. It must be fairly obtained and securely stored. Personal information may only be disclosed to people who are authorised to use it.

Copyright, Designs and Patents Act 1988

Documentation must be used strictly in accordance with current applicable copyright legislation, and software must be used in accordance with the licence restrictions. Unauthorised copies of documents or software may not be made under any circumstances.

Caldicott Principles

Used to describe the confidentiality and security of client information held by providers of social care services and their partners about service users.

Computer Misuse Act 1990

This Act addresses the following offences:

- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate commission of further offences.
- Unauthorised modification of computer material.

Regulation of Investigatory Powers Act 2000 (RIPA)

This Act provides for, and regulates the use of, a range of investigative powers, by a variety of public authorities. It updates the law on the interception of communications to take account of technological change such as the growth of the Internet. It puts other intrusive investigative techniques on a statutory footing for the very first time; provides new powers to help combat the threat posed by rising criminal use of strong encryption; and ensures that there is independent judicial oversight of the powers in the Act.

Electronic Communications Act 2000

This Act supports the use of encryption and digital signatures.

Code on Employers Monitoring Practices

Part 3 of the Employee Practices Data Protection Code, which provides best practice guidance on monitoring of e-mails, phone calls and Internet access in the context of the Data Protection Act.

EU Directive on Privacy and Electronic Communications

Defines legal standards for the processing of personal data, and the protection of privacy in the electronic communications sector.

Human Rights Act 1998

Based on the European Convention on Human Rights.

Freedom of Information Act 2000

Provides members of the public with the right to request any information from any public body.

Public Sector Information Regulations 2005

Obliges public authorities to price up their commercially valuable information for sale under usage licenses, protected by copyright notices issued as part of Freedom of Information responses.

Disability Discrimination Act 2004

Particular impact on web site design, accessibility issues.

Race Relations (Amendment) Act 2000

Prohibiting race discrimination and a statutory general duty to promote race equality.

Environmental Information Regulations

Environmental Information must be available and pro-actively published. Business partners should be tied into compliance by contract.

Guidelines

The Local Government Data (LGA) Handling Guidelines, Government Connect and the Code of Connections,

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Somerset County Council - Data Protection Policy - Final

Somerset County Council - Data Protection Policy - Final Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

Corporate Affairs Overview and Scrutiny Committee Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

Highland Council Information Security Policy Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

Harper Adams University College. Information Security Policy Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting

Corporate Information Security Management Policy Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

Information & ICT Security Policy Framework Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY ISO 27002 5.1 Author: Owner: Organisation: Chris Stone Ruskwig TruePersona Ltd Document No: SP- 5.1 Version No: 1.0 Date: 10 th January 2010 Copyright

University of Aberdeen Information Security Policy University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE If you ve been served with a Technical Capability Notice, here are some of things that will be required of you. v 8.3 The obligations the

Information Protective Marking and Handling Policy Information Protective Marking and Handling Policy Change History Version Date Description Author 0.1 11/01/2013 First Draft Anna Moore 0.2 28/02/2013 Amended taking into account SSTP protective marking

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

Merthyr Tydfil County Borough Council. Information Security Policy Merthyr Tydfil County Borough Council Information Security Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

SECURITY POLICY REMOTE WORKING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices

This Policy supersedes the following Policy, which must now be destroyed : Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Removable Media: Data Encryption Policy NTW(O)30 Lisa Quinn Executive Director of Performance and Assurance Sue

INFORMATION SECURITY POLICY Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

Policy and Procedure Document. Information Security Incident Management Policy and Procedure Policy and Procedure Document Information Security Incident Management Policy and Procedure [23/08/2011] Page 1 of 9 Document Control Organisation Redditch Borough Council Title Information Security Incident

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March

Information Security Policy. Appendix B. Secure Transfer of Information Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document

Third Party Security Requirements Policy Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,

Quick Guide To Information Governance Policies Quick Guide To Information Governance Policies Data Protection The Data Protection Act 1998 established principles and rights in relation to the collection, use and storage of personal information by organisations.

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

Records Management Policy & Guidance Records Management Policy & Guidance COMMERCIALISM Document Control Document Details Author Nigel Spencer Company Name The Crown Estate Department Name Information Services Document Name Records Management

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

COUNCIL POLICY R180 RECORDS MANAGEMENT 1. Scope The City of Mount Gambier Records Management Policy provides the policy framework for Council to effectively fulfil its obligations and statutory requirements under the State Records Act 1997.

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

Issued 10092010 Page 1 of 40 Version 1.2 Contents statement 1. Overarching Security Statement 2. Introduction 3. Scope 4. Security policy 5. Organisation of information security 6. External parties 7. Asset management 8. Human resource security

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

Information Security Incident Reporting & Investigation Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

Infrastructure Security Policy Bolsover District Council North East Derbyshire District Council & Rykneld Homes Ltd ICT Infrastructure Security Policy September 2013 Version 1.0 Page 1 of 11 CONTROL SHEET FOR ICT Infrastrutcure Security

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

Remote Access and Home Working Policy London Borough of Barnet Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

Information Security and Governance Policy Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information

NHS Business Services Authority Information Security Policy NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA

LSE PCI-DSS Cardholder Data Environments Information Security Policy LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

Dene Community School of Technology Staff Acceptable Use Policy Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,

Staffordshire County Council. Records Management Policy Staffordshire County Council Records Management Policy Version Author Approved By Date Published Review V. 2.0 Information Governance Unit Philip Jones, Head of Information Governance 2/11/2012 November

Essex County Council Policy for Information Management and Security Essex County Council Policy for Information Management and Security Title Author/Owner Status Essex County Council Policy for Information Management and Security Information Management IS Final Version

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

Information Classification and. Handling Policy Information Security Document Information Classification and 1 Version History Version Date Detail Author 1.0 27/06/2013 Approved by Information Governance Jo White Group 2.0 31/07/2013 Approved by Information
