Mobile Devices and Remote Working Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Mobile Devices and Remote Working Policy"

Transcription

1 Mobile Devices and Remote Working Policy Document Reference Information Version 1.0 Status Final Author/Lead Risk and IG Manager Date Effective February 2015 Date of Next Formal Review January 2017 Version Control Record Date Version Action Amendments January First version Adoption of previous NWL CSU Mobile Working policy To be read in conjunction with Information Security Policy Information Governance Policy Disciplinary Policy Registration Authority Policy Policy The CCG incorporates and supports the Equality Act 2010 and the human rights of the individual as set out in the European Convention on Human Rights and the Human Rights Act 1998 Page 1 of 10

2 Contents Section Number Paragraph Heading Page Number Document Reference Information 1 Version Control Record 1 1 Introduction 3 2 Objective 3 3 Definitions 3 4 Scope 4 5 Connection to Non-NHS Networks 4 6 Information Held on CCG mobile devices 4 7 Information Held on Personal Mobile Devices 4 8 Mobile Devices Security 5 9 General Security Principals and Guidelines 5 10 Display Screens 7 11 Making an Application for Home Working 7 12 Monitoring and Review 8 13 Policy Breach 8 14 Staff Leavers 8 Page 2 of 10

3 1. Introduction 1.1 Current working practice within the CCG is such that individuals might not have a static work base or will need to work from home either occasionally or for periods of time. In the course of their work such individuals may need to access the NWL (North West London) network or take information away from their base. The CCG operates a remote working facility and it is possible to process or view information on various types of portable/mobile electronic devices. It is important that information, whether stored on mobile devices or accessed or worked on remotely, is protected by proper security processes. 2. Objective 2.1 The purpose of this policy is to protect CCG information that is accessed remotely or is stored on mobile devices. It forms part of an overall set of information governance policies and should be read in conjunction with the Information Security Policy. 3. Definitions 3.1. Data devices this includes any device that can store information required for the CCG s operational business. Typically these are portable computers, laptops/notebooks, smart phones such as blackberries, mobile phones, digital cameras and although not currently supported by the NWL ICT Helpdesk, it may also cover other devices such as personal digital assistants (PDAs), and any other mobile devices which process information Media Any physical item that can store information and requires another device to access it. For example: CD, DVD, Floppy disc, tape, digital storage device (flash memory cards, USB disc keys, portable hard drives) Patient Identifiable Data - Person identifiable information can include one or more of the following: Surname Forename Address/Postcode Telephone Number Occupation Gender Date of Birth Ethnic Group NHS Number NI Number 3.4 CCG Devices - All data devices connecting directly to the NWL network (that is, connected to a network point on NHS premises) must be protected by up to date anti-virus software. Where the device does not update automatically, it is the responsibility of the user to ensure that the anti-virus software is up to date or report it immediately to the NWL ICT Service Desk. 3.5 Personal Devices - That is, devices that are not provided by your employer for use in your work such as home personal computers and laptops, must not be connected directly to the NWL ICT network wired or wireless without ICT authorisation. 3.6 Direct Connection to the NWL ICT Network - It is accepted that from time-to-time, external contractors or visitors will require the use of the Local Area Network (LAN) in order to give presentations or gain access to the Internet. A secure Guest facility has been configured on the network. If a non-nwl computer requires access, an authorised CCG manager may request a temporary Guest logon from the NWL ICT Service Desk. Page 3 of 10

4 3.7 Remote Connection to the NWL ICT Network - Connection to the NWL ICT network remotely (that is, via our VPN client or any web services) requires authorisation by the ICT Department and will be subject to authentication procedures specified by them. 4. Scope This policy covers: 4.1. Remote working, that is, working on CCG information or accessing the NWL ICT network in a place that is not your normal work base 4.2. The use of data devices 4.3. In particular, the policy covers: Connection to the NWL ICT network remotely and with mobile devices The processing of CCG information away from CCG or NWL premises The processing of CCG information on mobile devices The secure transfer of information The security of mobile devices and information The use of home computers and personal mobile devices 4.4. The policy also relates to any staff member, who at any time removes information in any form from the premises of the CCG where it is usually stored. 5. Connection to non-nhs Networks 5.1 CCG equipment must not be connected to the internet via a commercial internet service provider without prior authorisation by the NWL ICT Department because of the risk to the security of the information held on them and the risk of introducing viruses onto the NWL ICT network. 6. Information held on CCG mobile devices 6.1 Confidential CCG information may only be stored on mobile devices with the permission of your line manager and the CCG s Information Governance Manager. 6.2 Information must not be stored permanently on mobile devices. If it is necessary to work away from the CCG s premises, information should be transferred to the NWL ICT server and deleted from the device as soon as possible. 6.3 Unauthorised software must not be installed onto CCG mobile devices. 6.4 Information must be virus checked before transferring onto NWL computers. This will be done automatically for non-confidential information that is sent via . (Confidential information must not be sent via unless it is part of an agreed and authorised process 7. Information held on Personal mobile devices 7.1 CCG information must not be stored on non-ccg equipment, for example, home personal computers, laptops and PDAs unless it is part of an agreed process, authorised by the CCG s Information Governance Manager and Caldicott Guardian. An exception is the synchronisation of your calendar, task list and address book with non-nwl ICT issued PDAs, which is permitted, but not they cannot be synchronised via a CCG data device, as they are unsupported and untested devices. Page 4 of 10

5 8. Mobile Devices Security 8.1 Information stored on any mobile device must be protected by adequate security including encryption, regular back up procedures, and up to date anti-virus software. In particular, memory sticks must be encrypted and issued by the NWL ICT Department and have password protection. Advice can be sought from the Service Desk. 9. General Security Principals and Guidance 9.1 The security issues in this policy relate to and include physical security of computer equipment, confidentiality of manual and electronic data, and implications for the security of the NWL ICT systems and network. The security of mobile devices and information 9.2 Mobile devices and confidential information, whether manual or electronic, must be protected by adequate security, for example, they must be: Kept out of sight, for example, in the locked boot of the car, when transported Not left unattended, for example, not left in the car boot overnight Locked away when not being used Kept secure and guarded from theft, unauthorised access and adverse environmental events particularly when taken home Password protected 9.3 CCG issued equipment must be returned to the NWL ICT Department for a health check at regular intervals as specified by the Department, or at their specific request. 9.4 Remote access to the NWL ICT server will require the use of security procedures. These must not be divulged under any circumstances to anyone and users will be expected to make whatever arrangements are necessary, at the home address or wherever else access is established, to ensure that these procedures are safeguarded. Usage in any public accessible area 9.5 The use of information in these areas should be kept to an absolute minimum, due to the threats of overlooking and theft. Any member of staff choosing to use information and/or devices in these areas that results in any related incident will be required to state why the usage was required in that situation and the efforts they made to protect the information and any equipment. Equipment in use will not be left unattended at any time. 9.6 Usage in areas not generally accessible to the public (other CCG premises). Staff are responsible for ensuring that unauthorised individuals are not able to see information or access systems. If equipment is being used outside of its normal location and might be left unattended, the user will secure it by other means (e.g. Kensington Lock Security Cable). Home Usage 9.7 Only authorised members of staff are allowed access to information being used at home in any form, on any media. No family members are allowed access to the equipment or data. Use of any information at home must be for work purposes only. 9.8 Staff must ensure the security of information within their home from theft as well as ensuring that unauthorised individuals are not able to see information or access systems. Where possible it should be stored in a locked container (filing cabinet, lockable briefcase). If this is not possible, when not in use it should be neatly filed and stored away out of sight and out of reach of small children. Page 5 of 10

6 Supplied equipment 9.9 Where the NWL ICT Department has supplied any form of data device only the member of staff themselves is authorised to have access to it. Any member of staff allowing access to an unauthorised person, deliberately or inadvertently may be subject to disciplinary proceedings You may not connect any NWL ICT supplied device to any phone line or internet connection or other computer, other than where you have been given authority and access to the NWL ICT network via a secure remote link Head of IT Operations is responsible for ensuring that access to supplied equipment requires a username and password and that anti-virus software is installed For supplied equipment that is not classed as portable (i.e. a supplied desktop PC), the IT department are responsible for ensuring anti-virus software is regularly updated. In some cases, this may require the return of for updating and checks by the ICT Department when requested If you have been supplied with IT portable equipment (i.e. a laptop or similar device), you are responsible for ensuring that it is regularly connected to the NWL ICT network on-site for upgrade of anti-virus software All NWL IT portable equipment (e.g. laptops, Tablets) should be encrypted before any information is stored. Person Identifiable Data files should have additional protection against unauthorised access (for example an additional password). When equipment is returned or the data is no longer needed the data must be removed. This is the users responsibility The NWL ICT Department is responsible for the safety testing of supplied equipment and annual electrical appliance testing of this equipment. Staff that use the equipment are responsible for ensuring that these checks are undertaken All new requests for Laptops, Notebooks, PC Tablets, Blackberry Phones and other mobile computing devices must be authorised by a director. Remote Access must also be granted by a director. Staff owned equipment 9.16 The use and storage of person identifiable or confidential data on staff owned equipment is strictly forbidden. Staff may only use a NWL ICT supplied encrypted USB data key for this purpose. If files from your personal home computer are transferred to the office environment this should be using for non-confidential data or a NWL ICT issued USB data key for confidential data. Floppy disks or other removal media should not be used Any Staff that are defined as a Home worker are responsible for ensuring that their work conditions at home comply with health and safety regulations, policies and procedures. Working with sensitive Information 9.18 All staff working with Person Identifiable or Organisationally Sensitive Data on a NWL ICT issued data device must abide by the CCGs policies around confidentiality and information security. Sending an from home 9.19 Electronic mail containing person-identifiable and confidential information may not be sent to or from home unless using an encrypted service such as NHSmail. Non personidentifiable/confidential information may be sent via . Connection to the network 9.20 Staff may connect to the NWL ICT network via the secure VPN method following a process of authorisation by the ICT Department Page 6 of 10

7 Transport/Storage 9.21 When you remove equipment, files and data from the CCG premises you are responsible for ensuring its safe transport and storage. Equipment should be encrypted and password protected whenever possible and not left unattended e.g. in vehicles. Equipment must be transported in a secure, clean environment. Passwords must not be written down and included with the equipment. Appropriate packaging should be used to prevent physical damage (sealed envelopes etc). Where a courier service is used to transport packages containing sensitive information tamper proof packaging should be used. It is best practice to contact the reciepient to ensure that the information or equipment has been appropriately received in good working order and without any obvious signs of tampering or unauthorised access. Disaster Recovery / Major Incidents 9.21 In the event of a major incident or disaster, the organisation may recall all equipment on loan to provide core services. Please see Business Continuity Policy for further guidance Equipment Safety 9.22 NWL ICT equipment used by home-workers must be safe to use and not give rise to any risks to health and safety. It should be maintained in efficient working order and in good repair, and should only be used in accordance with the CCGs policies, procedures and practices applicable to information technology and communication systems, i.e. the and Internet Policy The CCG will maintain its own equipment, but will not be responsible for maintaining staff members own computers and equipment e.g. electrical sockets and other parts of the home worker s domestic electrical system are their own responsibility. Should a problem arise with personal or NWL ICT loaned equipment, staff will be supplied with a replacement PC or laptop, either temporarily or on loan, as required. Further Help 9.24 For further advice and assistance on any of these aspects you can contact the IT Service Desk on or Display screens 10.1 Legislation concerning the use of display screen equipment (The Health and Safety (Display Screen Equipment) Regulations 1992) also applies to home-workers. Please visit website below for further details: Making an application for home working 11.1 All applications for home working should be submitted to the NWL ICT Helpdesk at 11.2 Under the new AFC contract, staff members are entitled to apply for combinations of flexible working options. Please consult the HR department for further details The authorisation procedure only relates to staff that need to use mobile computing facilities, either on or off-site (including staff homes), or transfer information between computer systems via physical media. The authorisation procedure is not required for the transfer or offsite usage of paper records. Page 7 of 10

8 11.4 The staff members line manager needs to initially authorised any request for remote access followed by the relevant Director approval. However, it is the line manager who is responsible for identifying the individual requirements of those eligible for the remote access support set out in this policy and will monitor the usage and the costs incurred Staff designated as 'home workers' are automatically eligible for equipment loans Other members of staff and, exceptionally, others working in an advisory or project capacity for the CCG may be eligible for equipment loan at the discretion of their line manager with joint authorisation from their director Access to this remote access support should be regularly reviewed by each directorate The NWL ICT Department/CCG does not reimburse costs or support the following: Broadband internet connection / line rental installed at a domestic address, for Internet access related to CCG business and access to the NWL ICT servers for home users, unless exceptional circumstances The NWL ICT Department will supply and support a portable computer, on loan at the home address and in some cases a printer and fax machine, if they are required. Additionally, where required the NWL ICT Department will provide a router to enable VPN connection if the user does not own a suitable device already. 12. Monitoring and Review 12.1 The usage of this procedure, and the results of any applications made will be monitored and evaluated. The results of the monitoring and evaluations (excluding reasons for application) will be published in annual equality reports This policy will be reviewed by the CCG IG lead and the relevant CCG IT staff subject to any identified trends in incidents and/or to reflect any organisational changes that may occur prior to the next formal review. 13. Policy Breach 13.1 Any breach of this policy may lead to disciplinary action following HR policy and procedures. 14. Staff Leavers 14.1 On leaving the employment of the organisation, all equipment, software, information and data must be returned. The CCG will take the necessary action to reclaim all equipment, software, information and data that has not been returned by the member of staff (e.g. by collection or means of final salary payment) Page 8 of 10

9 DOCUMENT AUTHOR: Risk and IG Manager APPENDIX _ - Equality Impact Assessment Tool DIRECTORATE: Quality and Safety NAME OF DOCUMENT/POLICY/STRATEGY/PROCEDURE Mobile Working and Remote Devices Policy NEW X EXISTING DATE January 26 th 2015 Aim/Status [a] What is the aim/purpose of the policy/strategy/procedure? To outline the organisation s procedures with regards to the use of mobile devices and remote working. [b] Who is intended to benefit from this policy/strategy/procedure and in what way? All staff as they will be provided with specific guidance and instructions.. [c] How have they been involved in the development of this policy/strategy/procedure? [d] How does it fit into the broader corporate aims? By setting out clear guidelines for acceptable and non-accepted used [e] What outcomes are intended from this policy/strategy/procedure? [f] What resource implications are linked to this policy/strategy/procedure? Impacts [a] what is the likely impact [whether intended or unintended, positive or negative] of the initiative on individual users or on the public at large? Greater clarity for staff on the expectations. Increased information security [b] Is there likely to be differential impact on any group? If yes, please state if this impact may be adverse and give further details [e.g. which specific groups are affected, in what way, and why you believe this to be the case] No. The policy is an inclusive policy that does not seek to advantage or disadvantage any particular staffing group based on age, sex, gender or on the grounds of religious belief or sexual orientation. If the policy is unlawfully discriminatory it must go to a full impact assessment (please Contact the Equality, Diversity & Human Rights Advisor Human Resources Directorate) Persons conducting EqIA Jason Clarke Signed Date: 26 th January 2015 Page 9 of 10

10 Page 10 of 10

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March

More information

Policy: Remote Working and Mobile Devices Policy

Policy: Remote Working and Mobile Devices Policy Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014

More information

Remote Working and Portable Devices Policy

Remote Working and Portable Devices Policy Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

Remote Access and Home Working Policy London Borough of Barnet

Remote Access and Home Working Policy London Borough of Barnet Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and

More information

DATA ENCRYPTION POLICY

DATA ENCRYPTION POLICY DATA ENCRYPTION POLICY Contents 1. Introduction...4 2. Purpose...4 3. Audience...4 4. Responsibilities/Duties...4 4.1 Individual Staff Responsibilities...4 4.2 Accountable Officer...5 4.3 Director of Strategy

More information

IM&T Remote Working Security Policy

IM&T Remote Working Security Policy IM&T Remote Working Security Page 1 of 17 DOCUMENT PROFILE and CONTROL. Purpose of the document: This document establishes the Information Security Controls that are to be adhered to in line with remote

More information

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0 SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY

More information

SECURITY POLICY REMOTE WORKING

SECURITY POLICY REMOTE WORKING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third

More information

Remote Working and Portable Devices Policy

Remote Working and Portable Devices Policy Remote Working and Portable Devices Policy Policy Number: 037 Version: 2 V2 Ratified by: Audit Committee 16 December 2015 Document Location: Policies\01 Final Policies Name of originator/author: Information

More information

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE. Documentation Control. Consultation undertaken Information Governance Committee

MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE. Documentation Control. Consultation undertaken Information Governance Committee MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE Documentation Control Reference GG/INF/020 Date Approved 13 Approving Body Directors Group Implementation date 13 Supersedes Not Applicable Consultation

More information

Why do we need to protect our information? What happens if we don t?

Why do we need to protect our information? What happens if we don t? Warwickshire County Council Why do we need to protect our information? What happens if we don t? Who should read this? What does it cover? Linked articles All WCC employees especially mobile and home workers

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Name of responsible committee: Information Governance Board Date issued: 15 th April 09 Review date: 14 th April 11 Referenced Documents:

Name of responsible committee: Information Governance Board Date issued: 15 th April 09 Review date: 14 th April 11 Referenced Documents: Storage and Transfer of Person Identifiable Information Policy Trust Wide Policy number: ULH-IM&T-AUP03 Version: 1.1 New or Replacement: New Approved by: Executive Board Date approved: 14 th April 09 Name

More information

Information Security Policy

Information Security Policy Document reference: Version 3.0 Date issued: April 2015 Contact: Matthew Jubb Information Security Policy Revision History Version Summary of changes Date V1.0 First version finalised. February 2006 V1.1

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer:

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer: Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011

More information

INFORMATION SECURITY & DATA PROTECTION POLICY. Documentation Control

INFORMATION SECURITY & DATA PROTECTION POLICY. Documentation Control INFORMATION SECURITY & DATA PROTECTION POLICY Documentation Control Reference Date Approved Approving Body GG/INF/002 TRUST BOARD Implementation Date JUNE 2010 Supersedes Consultation Date of Completion

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Records Management Policy

Records Management Policy Records Management Policy Document information Document type: Operational Policy Document title: Records Management Policy Document date: November 2014 Author: NHS South Commissioning Support Unit, Information

More information

Data Protection and Information Security Policy and Procedure

Data Protection and Information Security Policy and Procedure Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

More information

Encryption Policy Version 3.0

Encryption Policy Version 3.0 Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Cellular/Smart Phone Use Procedure

Cellular/Smart Phone Use Procedure Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This

More information

Ixion Group Policy & Procedure. Remote Working

Ixion Group Policy & Procedure. Remote Working Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises

More information

Home Working Policy THE NATIONAL INSTITUTE HEALTH AND CLINICAL EXCELLENCE SPECIAL HEALTH AUTHORITY. Staff Involvement Forum Policy Sub Group

Home Working Policy THE NATIONAL INSTITUTE HEALTH AND CLINICAL EXCELLENCE SPECIAL HEALTH AUTHORITY. Staff Involvement Forum Policy Sub Group THE NATIONAL INSTITUTE HEALTH AND CLINICAL EXCELLENCE SPECIAL HEALTH AUTHORITY Home Working Policy Responsible officer Associate Director HR Author: Staff Involvement Forum Policy Sub Group Date effective

More information

Standard Operating Procedure. Secure Use of Memory Sticks

Standard Operating Procedure. Secure Use of Memory Sticks Standard Operating Procedure Secure Use of Memory Sticks DOCUMENT CONTROL: Version: 2.1 (Amendment) Ratified by: Finance, Infrastructure and Business Development Date ratified: 20 February 2014 Name of

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

Central Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11

Central Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11 Central Bedfordshire Council IT Acceptable Use Policy Version 1.7 January 2016 Not Protected Not Protected Page 1 of 11 Policy Approval Central Bedfordshire Council acknowledges that information is a valuable

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

Information security policy

Information security policy Information security policy Author Strategic Head of Corporate Affairs Owner Chief Finance Officer (SIRO) Date: 18 February 2013 Version 1.0 Previous version & Date: n/a Equality analysis undertaken 26

More information

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Page 1 of 8 Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy EXECUTIVE SUMMARY Key Messages

More information

NOTTINGHAM UNIVERSITY HOSPITALS NHS TRUST MOBILE COMPUTING & REMOTE WORKING POLICY. Documentation Control

NOTTINGHAM UNIVERSITY HOSPITALS NHS TRUST MOBILE COMPUTING & REMOTE WORKING POLICY. Documentation Control NOTTINGHAM UNIVERSITY HOSPITALS NHS TRUST MOBILE COMPUTING & REMOTE WORKING POLICY Documentation Control Reference Approving Body GG/INF/020 Directors Group Date Approved 24 Implementation Date 24 Summary

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

Information Technology Acceptable Usage Policy

Information Technology Acceptable Usage Policy Information Technology Acceptable Usage Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter

More information

Policy and Procedure Document. Information Security Incident Management Policy and Procedure

Policy and Procedure Document. Information Security Incident Management Policy and Procedure Policy and Procedure Document Information Security Incident Management Policy and Procedure [23/08/2011] Page 1 of 9 Document Control Organisation Redditch Borough Council Title Information Security Incident

More information

Portable Devices and Removable Media Acceptable Use Policy v1.0

Portable Devices and Removable Media Acceptable Use Policy v1.0 Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working

More information

Bulk Data Transfer Guidelines

Bulk Data Transfer Guidelines Bulk Data Transfer Guidelines This procedural document supersedes: CORP/ICT 20 v.1 Bulk Data Transfer. Did you print this document yourself? The Trust discourages the retention of hard copies of policies

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Information Security Incident Reporting & Investigation

Information Security Incident Reporting & Investigation Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how

More information

This Policy supersedes the following Policy, which must now be destroyed :

This Policy supersedes the following Policy, which must now be destroyed : Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Removable Media: Data Encryption Policy NTW(O)30 Lisa Quinn Executive Director of Performance and Assurance Sue

More information

LSE PCI-DSS Cardholder Data Environments Information Security Policy

LSE PCI-DSS Cardholder Data Environments Information Security Policy LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project

More information

University for the Creative Arts. Mobile Working and Remote Access Policy

University for the Creative Arts. Mobile Working and Remote Access Policy Mobile Working and Remote Access Policy Version 1.0 Date: 20 July 2009 Document History Version History 1.0 20 July 2009 Approved for publication by the IS Board after E&FC approval in June 2009 Title:

More information

Angard Acceptable Use Policy

Angard Acceptable Use Policy Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants

More information

Acceptable Use Guidelines

Acceptable Use Guidelines Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY ISO 27002 5.1 Author: Owner: Organisation: Chris Stone Ruskwig TruePersona Ltd Document No: SP- 5.1 Version No: 1.0 Date: 10 th January 2010 Copyright

More information

Policy Document. IT Computer Usage Policy

Policy Document. IT Computer Usage Policy Policy Document IT Computer Usage Policy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Author IT Services Manager Version 4.1 Issue Issue Date

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

PS177 Remote Working Policy

PS177 Remote Working Policy PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection

More information

Working Together Aiming High!

Working Together Aiming High! Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.

More information

Data Encryption Policy

Data Encryption Policy Data Encryption Policy Number: THCCGCG36 Version: 01 Executive Summary This Policy defines the Security requirements for data encryption upon laptops, physical media and Secure File Transfer within the

More information

Data Protection Guidance

Data Protection Guidance 53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection

More information

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY Information Management & Technology Security Policy INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY POLICY NO IM&T 003 DATE RATIFIED October 2010 NEXT REVIEW DATE October 2013 POLICY STATEMENT/KEY

More information

Remote Working and Portable Devices Policy

Remote Working and Portable Devices Policy Remote Working and Portable Devices Policy Policy ID IG04 Version: V2.0 Author Interim IG Manager Last review date: 27 th July 2015 Next review date: 1 st August 2017 Date agreed by 25 th August 2015 (Executive

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Policy for the electronic transfer of Person Identifiable Data - harmonised Version: 5 Reference Number: CO51 Supersedes Supersedes: 4 Description of Amendment(s):

More information

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution. Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR

More information

Mobile Devices Security Policy

Mobile Devices Security Policy Mobile Devices Security Policy 1.0 Policy Administration (for completion by Author) Document Title Mobile Devices Security Policy Document Category Policy ref. Status Policy Unique ref no. Issued by GSU

More information

Remote Access Policy

Remote Access Policy BASINGSTOKE AND NORTH HAMPSHIRE NHS FOUNDATION TRUST Remote Access Policy Summary This is a new document which sets out the policy for remote access to the Trust s network and systems. Remote access is

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Summary Electronic Information Security Policy

Summary Electronic Information Security Policy University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

CIPFA DATA MANAGEMENT POLICY AND PROCEDURES

CIPFA DATA MANAGEMENT POLICY AND PROCEDURES INTRODUCTION These Policies and Procedures apply to all CIPFA volunteers that have access to, use, store and share significant amounts of personal data. It is critically important that this data is handled

More information

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9 Page 1 of 9 TITLE: INFORMATION SECURITY: DEVICE AND MEDIA CONTROLS POLICY: Reasonable steps are taken to protect, account for, properly store, back up, encrypt and dispose of hardware, paper and electronic

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

Remote Access Policy

Remote Access Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

IS INFORMATION SECURITY POLICY

IS INFORMATION SECURITY POLICY IS INFORMATION SECURITY POLICY Version: Version 1.0 Ratified by: Trust Executive Committee Approved by responsible committee(s) IS Business Continuity and Security Group Name/title of originator/policy

More information

NHS FORTH VALLEY Information Governance Remote Working Guidance

NHS FORTH VALLEY Information Governance Remote Working Guidance NHS FORTH VALLEY Information Governance Remote Working Guidance Date of First Issue 09 / 12 / 2011 Approved 12 / 09 / 2013 Current Issue Date 12 / 09 / 2013 Review Date 01 / 12 / 2015 Version V 3.2 EQIA

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics

More information

MOBILE DEVICE SECURITY POLICY

MOBILE DEVICE SECURITY POLICY State of Illinois Department of Central Management Services MOBILE DEVICE SECURITY Effective: October 01, 2009 State of Illinois Department of Central Management Services Bureau of Communication and Computer

More information

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011) Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How

More information