Cloud Storage Policy (Draft for consultation)


(Draft for consultation)

Please note that this draft is under consultation with stakeholders in colleges and university services, before refinement and approval by the appropriate University Committee. If you have comments or feedback, please contact Information Security co-ordinator

1. Summary
2. Purpose
3. Cloud Storage Definition
4. Scope
5. Cloud Storage Characteristics and Risks
   5.1 Consumer orientated
   5.2 Business orientated
6. Policy
   6.1 Objectives
   6.2 Consumer orientated Cloud Storage
   6.3 Business orientated Cloud Storage
7. Information Sharing
8. Synchronising information
9. Legislation, Policy and Guidance
10. List of approved Business Orientated Cloud Storage providers

1. Summary

Confidential University data must not be stored on consumer-oriented cloud services. It may, where the relevant risks have been addressed, and under certain circumstances, be stored on business-oriented cloud services. However, data concerning living individuals may not be stored on any cloud service, unless the University has approved the cloud provider in question for the purpose.

2. Purpose

This Policy defines the University's position on the use of Cloud Storage as it relates to the potential storage of University data. The Policy sets out a clear definition of Cloud Storage and the types of University data which may be stored together with any additional safeguards which must be adhered to.

3. Cloud Storage Definition

For the purposes of this policy, Cloud Storage is defined as:

Public Cloud Storage Services provided by an external supplier and made available to organisations, or individuals, on terms and conditions, which are defined by the external supplier. Cloud Storage and associated files reside outwith the organisation's domain (Data Centres) and is usually accessed via a web interface and various synchronisation options, which facilitates the sharing of files and makes data available over a range of computers and other mobile devices.

Examples of Public Cloud Storage providers include:

• DropBox
• Box
• Microsoft (SkyDrive/OneDrive)
• Apple (iCloud)
• Oracle
• IBM
• Google

4. Scope

This policy applies to all University data i.e. information which arises in University teaching, research and administration, and applies to all staff, students and other parties who have access to University data. Any exceptions must be documented and approved by the Information Policy and Strategy Committee.

This policy does not override policies covering data owned or provided by other organisations, and individuals must adhere to any other relevant policies including those stipulated by the organisation providing the data. In situations where that policy differs from this one, the stronger of the two requirements must be respected, unless both organisations have agreed otherwise.

5. Cloud Storage Characteristics and Risks

Cloud storage may be characterised as consumer orientated or business orientated.

5.1 Consumer orientated

Consumer orientated Cloud storage is commonplace and is often made available free of charge to individuals via a user registration process or bundled with many service offerings and initial hardware purchases. Individuals access their Cloud storage via a number of options including:

• Web Browser
• Desktop synchronisation client
• Drive mapping or equivalent
• Mobile app

This means that individuals have access to their storage across a range of devices providing a wide choice of access technologies and data sharing options. However, when signing up with a cloud storage provider the individual must accept the provider's Terms and Conditions and any associated service level agreement. This presents a number of risks to the security, confidentiality and availability of the individual's data; in particular:

• There is no guarantee on data protection, retention or backup
• The Cloud provider may store data outwith the UK/EU and not be bound by UK/EU laws relating to the protection of personal data.
• Individuals should read carefully the Terms and Conditions governing the use of their Cloud storage with particular reference to:
   o Circumstances leading to account termination and potential loss of data.
   o Provider's liability for negligence with respect to misuse, exposure, loss or damage of data
   o Confidentiality of data with respect to Provider's data mining activities and potential resale of information for advertising, user tracking and user profiling purposes.
   o Considerations about who actually owns the data and therefore has full rights over it. Some cloud providers may assert ownership of any data stored in the provider's cloud, or reserve the right to do so in future.
• The financial stability of Cloud Storage providers should be considered to avoid a potential end of service with no or little notice.

5.2 Business orientated

There are several Cloud storage providers who offer services specifically tailored for business use. Organisations contract with their preferred cloud storage provider for specific services and manage the accounts for the individuals within their organisation who they wish to have access to Cloud Storage. Authorised individuals access their allocated Cloud storage via a number of options including:

• Web Browser
• Desktop synchronisation client
• Drive mapping or equivalent
• Mobile app

This means that authorised individuals have access to their allocated storage across a range of devices providing a wide choice of access technologies and data sharing options.

The Business orientated Cloud storage services address many of the risks associated with the consumer versions, in particular:

• The terms and conditions and service level agreement is tailored to business needs

• The organisation retains full ownership of their data
• Security, confidentiality and availability of data are sometimes assured via industry standard accreditations e.g. ISO 27001, EU Safe Harbour.
• Data retention and backup arrangements are defined
• There is no advertising built from data mining or other uses of Business data
• The Cloud provider's liability relating to negligence, misuse, loss or damage of data is better defined

From a corporate and legal perspective several issues remain, which need to be considered and addressed before deciding on the type of information that is suitable for Cloud Storage via an external provider. In particular:

• Research data management, where either the organisation providing the data, or the funding body have specific requirements for where it must reside e.g. in the UK, or in the University itself.
• Data Protection Act, governing the storage and management of personal information
• The University's policy on confidential data
• Risks associated with automatic data synchronisation between Cloud storage and corporate/personal devices

Also, agencies of foreign governments may potentially have access to data in cloud storage, and this may be a concern for storing certain types of information.

6. Policy

6.1 Objectives

• Safeguard the security, confidentiality, integrity and availability of the University's information assets.
• Ensure compliance with national and international laws governing the storage and guardianship of data
• Ensure compliance with contractual commitments relating to the storage and guardianship of data
• Ensure that University employees and other partners understand the University's requirements relating to the storage and guardianship of data

6.2 Consumer orientated Cloud Storage

Allowed

Only non-confidential information which the University has placed in the public domain or would release into the public domain, for example under Freedom of Information, may be stored within Consumer orientated Cloud Storage. Any allowable information stored within Consumer Orientated Cloud Storage should also have copies held within the University, and therefore not comprise the only copy.

Not Allowed

The University forbids the use of consumer orientated Cloud Storage for the following information assets:

• Information which the University considers private and would not make available to the public, or might be exempt from release under Freedom of Information
• Personal data i.e. that which concerns living individuals and hence falls under the Data Protection Act
• Information relating to contractual undertakings between the University and third parties
• Information relating to research outcomes, prior to publication
• Information relating to the normal business of the university including, s, minutes of meetings, reports, budget statements, audit reports, proposals, project plans, project progress reports, strategic reviews etc.

6.3 Business orientated Cloud Storage

The University accepts that business-orientated Cloud Storage can provide solutions for a wide range of strategic objectives including:

• Ease of information sharing between individuals within the University
• Ease of sharing of information between individuals within the University and other partners outwith the University
• Ability to access information whilst away from the University via a range of device types
• Security, confidentiality and availability of Information assets

Allowed

The University permits the storage of public, private and confidential information within business-orientated Cloud Storage as long as the following conditions are met:

• The information is not personal data (i.e. relating to living persons).
• The activity is in accordance with the University's policy on confidential data.
• The service-specific contract and service level agreement (SLA) must satisfy the University's requirements for information guardianship.
• The University's legal and contractual obligations must not be compromised
• Where the Service specific contract and SLA does not guarantee the timely recovery of lost or damaged data then any allowable information stored within Business Orientated Cloud Storage should be copies of information held elsewhere within the University and therefore not the only version.
• The University must retain management control of the user accounts associated with cloud storage subscriptions

Not Allowed

The University does not permit the storage of the following types of information on business-orientated cloud storage services:

• Personal data as defined by the Data Protection Act
• Information subject to specific requirements on storage location e.g. must be held within the University's own data centres

Further details about the University's requirements and legal commitments can be found under the Legislation, Policy and Guidance section below.

Clarifications and advice on Allowable use is available from the Data Protection and Freedom of Information Office and IT Services via the IT Services help desk.

7. Information Sharing

The following restrictions apply to the sharing and synchronisation of University data. Where there is a requirement to share information with others then it is important that individuals who enable the sharing of data do so with the following safeguards:

• Grant access to the specific Folders and files that are required to support the Collaboration or information sharing and ensure that no other folders or files are made available.
• Inform all individuals involved in the collaboration or information sharing that they have a duty of care for the information provided and must honour all security requirements as well as privacy or confidentiality commitments.

8. Synchronising information

Synchronising information to and from Allowable Cloud Storage can provide significant advantages in terms of information availability and speed of access. Synchronising information across a range of devices requires the following safeguards:

• Individuals must ensure that the devices involved in the synchronisation process are protected as far as possible from unauthorised access or loss. Mobile devices must have a PIN code or equivalent enabled.
• Individuals must ensure that the devices involved in the synchronisation process are protected as far as possible from malware and are kept up to date with vendor supplied security patches.
• Individuals must ensure that any private or sensitive University information is further protected via strong data encryption. Laptops must have Full Disk Encryption configured before data is synced.

9. Legislation, Policy and Guidance

• Data Protection and Freedom of Information Office (University of Glasgow)
• Policy and Guidelines on Confidential Data in (University of Glasgow)
• Data management Support for Researchers (University of Glasgow)
• Guidance on the Use of Cloud Computing (Information Commissioners Office)

10. List of approved Business Orientated Cloud Storage providers

The University will maintain and publish a list of approved Business Orientated cloud Storage providers to ensure that Colleges and University services staff choose the most appropriate supplier for their specific purposes. The list will be maintained by IT Services and published on the University web site. For the purposes of this draft policy the current list of approved suppliers is as follows.

Arkivum (Current service)

For Research Data Management archive at project closure. The Arkivum Research Data management services were contracted via an open procurement conducted on behalf of the UK academic institutions by JISC.

Microsoft OneDrive for Business (In development at University of Glasgow release September 2015)

OneDrive for business is part of the Office 365 suite of services which deliver a rich set of Business class collaboration solutions. The complete suite of services has been reviewed by the JISC on behalf of UK Academic Institutions leading to advantageous changes to Contract terms and the supporting Service Level Agreement. In addition Office 365 has been approved by the UK Government to hold or transact public sector data for business conducted at the OFFICIAL level of Security Classification.

Draft Document Control

Draft (rev 1.209) for comment ( )
Layout revision ( )


More information

Information Security Policy

Information Security Policy Information Security Policy Contents 1. Introduction...2 2. Purpose...2 3. Governance and responsibility for information security...3 4. Risk Management...3 5. Asset Management and Classification...3 6.

More information

IG: Third Party Contracts and Contractors Policy

IG: Third Party Contracts and Contractors Policy IG: Third Party Contracts and Contractors Policy Document Summary This policy provides guidance on the Information Governance arrangements that need to be considered and / or implemented when engaging

More information

TATE RECORDS MANAGEMENT POLICY

TATE RECORDS MANAGEMENT POLICY TATE RECORDS MANAGEMENT POLICY Adopted November 2013 Date of next review: November 2018 1. Introduction 1.1 Link to legislation and strategy Records management is linked to Tate s overall strategy outlined

More information

Cloud Software Services for Schools

Cloud Software Services for Schools Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Isuz Ltd. trading as Schoolcomms

More information

Records Management and Security Procedure. Approved by: Executive Management Team Version: 1.2 Date: 21.9.2015

Records Management and Security Procedure. Approved by: Executive Management Team Version: 1.2 Date: 21.9.2015 Document: Records Management and Security Procedure Approved by: Executive Management Team Version: 1.2 Date: 21.9.2015 1. Overview Senior management of Wentworth Institute ( WINWIN ) have a legal responsibility

More information

Risk Management Authority

Risk Management Authority Risk Management Authority Records Management Plan RMA Records Management Plan 0 Contents Page 1. Introduction 2 1.1 Background 2 1.2 Records Management in the RMA 3 1.3 Records covered by this Plan 3 1.4

More information

Safe Harbour Agreement no longer a valid basis for EEA to US transfers of personal data

Safe Harbour Agreement no longer a valid basis for EEA to US transfers of personal data Jisc Safe Harbour NOTE ON THE COURT OF JUSTICE OF THE EUROPEAN UNION'S JUDGMENT ON 'SAFE HARBOUR' ARRANGEMENTS FOR THE TRANSFER OF PERSONAL DATA FROM THE EEA TO THE USA KEY POINTS Safe Harbour Agreement

More information

Information Governance and Assurance Framework Version 1.0

Information Governance and Assurance Framework Version 1.0 Information Governance and Assurance Framework Version 1.0 Page 1 of 19 Document Control Title: Original Author(s): Owner: Reviewed by: Quality Assured by: Meridio Location: Approval Body: Policy and Guidance

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Information governance strategy 2014-16

Information governance strategy 2014-16 Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information

Cloud Software Services for Schools. Supplier self-certification statements with service and support commitments. SafeGuard Software Limited

Cloud Software Services for Schools. Supplier self-certification statements with service and support commitments. SafeGuard Software Limited Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone SafeGuard Software Limited

More information

Cloud Software Services for Schools

Cloud Software Services for Schools Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact

More information

OFFICIAL. NCC Records Management and Disposal Policy

OFFICIAL. NCC Records Management and Disposal Policy NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

CLOUD ATTACHED STORAGE. Protect your data, protect your business

CLOUD ATTACHED STORAGE. Protect your data, protect your business CLOUD ATTACHED STORAGE Protect your data, protect your business CONTENTS Introduction 3 Data The Life Blood of a Business 3 Sharing, Synchronising and Securing Data 4 Cloud-Based Solutions 5 The Role of

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Cloud computing. Bc. Ondřej Švehla, demonstrator, Faculty of Business and Economics, Mendel University, dukeeenho@gmail.com

Cloud computing. Bc. Ondřej Švehla, demonstrator, Faculty of Business and Economics, Mendel University, dukeeenho@gmail.com Cloud computing Bc. Ondřej Švehla, demonstrator, Faculty of Business and Economics, Mendel University, dukeeenho@gmail.com Abstract This article deals problematic of the cloud computing. In the article

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY [Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body

More information

Records and Information Management. General Manager Corporate Services

Records and Information Management. General Manager Corporate Services Title: Records and Information Management Policy No: 057 Adopted By: Chief Officers Group Next Review Date: 08/06/2014 Responsibility: General Manager Corporate Services Document Number: 2120044 Version

More information

NHS Business Services Authority Information Security Policy

NHS Business Services Authority Information Security Policy NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA

More information

CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH

CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH March 2016 Disclaimer Reference to any specific commercial product, process or service by trade name, trademark, manufacturer,

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

Data Transfer Policy. Data Transfer Policy London Borough of Barnet

Data Transfer Policy. Data Transfer Policy London Borough of Barnet Data Transfer Policy Data Transfer Policy London Borough of Barnet Document Control POLICY NAME Data Transfer Policy Document Description Policy surrounding data transfers (electronic and paper based).

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

ANU Electronic Records Management System (ERMS) Manual

ANU Electronic Records Management System (ERMS) Manual ANU Electronic Records Management System (ERMS) Manual May 2015 ERMS Manual May 2015 1 Contents The ERMS Manual 1. Introduction... 3 2. Policy Principles... 3 3. The Electronic Records Management System...

More information

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future. Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your

More information

Bring Your Own Devices (BYOD) Information Governance Guidance

Bring Your Own Devices (BYOD) Information Governance Guidance Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations wishing to enable the use of Bring Your Own

More information

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses

More information

Abertay Data Storage Policy

Abertay Data Storage Policy Abertay Data Storage Policy Author Louise Cardno, Business Analyst Reviewer Frazer Greig, ICT Operations Manager Approved by Michael Turpie, Head of Information Services Approval date(s) 03-Jun-2015 Review

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

University of Liverpool

University of Liverpool University of Liverpool IT Asset Disposal Policy Reference Number Title CSD 015 IT Asset Disposal Policy Version Number v1.2 Document Status Document Classification Active Open Effective Date 22 May 2014

More information

Information Management Policy for The Treasury Department

Information Management Policy for The Treasury Department Information Management Policy for The Treasury Department File reference: [ITM/POL/01] Table of contents Topic Page Purpose 1 Scope 1 Policy statement 2 Policy context Laws and standards Record keeping

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Investigation Report: HKA Holidays Limited Leaked Customers Personal Data through the Mobile Application TravelBud

Investigation Report: HKA Holidays Limited Leaked Customers Personal Data through the Mobile Application TravelBud Published under Section 48(2) of the Personal Data (Privacy) Ordinance (Cap. 486) Investigation Report: HKA Holidays Limited Leaked Customers Personal Data through the Mobile Application TravelBud Report

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

GLOSSARY OF TECHNICAL TERMS

GLOSSARY OF TECHNICAL TERMS This glossary contains explanations of certain terms, definitions and abbreviations used in this document in connection with our Group and our business. The terms and their meanings may not correspond

More information