PERSONNEL SECURITY PRACTICAL ADVICE FOR HR AND SECURITY MANAGERS

Size: px
Start display at page:

Download "PERSONNEL SECURITY PRACTICAL ADVICE FOR HR AND SECURITY MANAGERS"

Transcription

1 PERSONNEL SECURITY PRACTICAL ADVICE FOR HR AND SECURITY MANAGERS

2 A DELICATE BALANCE Every year brings stories of organisations falling victim to the embarrassing, costly or disruptive consequences of staff misusing their access and privileges. But with the appropriate personnel security measures in place organisations can significantly reduce their exposure to intentional and unintentional insider acts. The Human Resource team has a pivotal role to play, balancing security risks against the need to ensure employees remain able to perform their duties and buy in to any new measures. It is essential that HR executives recognise the vulnerabilities and are in a position to offer advice and best practice to colleagues, amidst potentially difficult and sensitive circumstances. CPNI s range of advice and guidance can help HR and security teams to: About CPNI The Centre for the Protection of National Infrastructure (CPNI) is the government authority that provides advice on protecting the country s essential services, facilities and networks from terrorism and other threats. Though its focus is on securing the national infrastructure energy, transport, health, telecommunications etc. many businesses and organisations can benefit from its general advice for protecting staff, property and IT systems, much of which is available from Identify security measures in proportion to the risk. Reduce the risk of employing personnel likely to present a security concern. Establish that applicants and contractors are who they claim to be. Close down opportunities for abuse of the organisation s assets.

3 Practical security advice for personnel managers Staff who may look to exploit their legitimate access for unauthorised purposes can take a variety of forms: disaffected individuals, activist groups, journalists, competitors, those with links to organised crime or even those involved in terrorism. In many organisations, personnel security is still regarded as a recruitment issue rather than something to address throughout a staff member s time in employment. But ongoing personnel security measures can not only reduce vulnerabilities, they can also encourage a hugely beneficial securityconscious culture amongst staff at every level of the organisation. Identifying the right measures can be a significant challenge involving complex strategic decisions. There are legal and resource implications to consider, whilst implementing the wrong measures can prove costly and disruptive. And then there is the need to ensure changes are transparent and understood at stake is the relationship and level of trust between an organisation and its staff. CPNI advice can help personnel and security teams understand and prepare for the challenges involved. Building on the experiences of the organisations who contribute to our research, our products offer practical tips, checklists and advice to help managers adopt the right personnel measures for their own circumstances.

4 Personnel security: threats, challenges and measures Introductory guidance for those with new security, recruitment or line management responsibilities: What is personnel security Why it is important What is involved Ongoing personnel security Advice and best practice to reduce the risk of insider activity: Engaging with staff Managing contractors and short-term staff Conducting investigations

5 Document verification guidance How to distinguish genuine employee verification documents (passport, qualifications) from forgeries. Pre-employment screening guidance A one-stop guide to best practice for screening applications, including: Authenticating identity Verifying the right to work in the UK Confirming employment history and qualifications Checking criminal records These documents are available to download at Risk assessment for personnel security Using a fictional case study, this guidance document helps security and human resource managers to: Conduct personnel security risk assessments Identify insider threats Prioritise the risks Choose the appropriate counter-measures

Industry Security Notice

Industry Security Notice Industry Security Notice Number 2011/01 Subject: ADVICE ON THE USE OF SOCIAL MEDIA AND NETWORKING SITES BY MOD CONTRACTOR STAFF Introduction 1. The Ministry of Defence (MOD) is aware of the prevalence

More information

CEOP Relationship Management Strategy

CEOP Relationship Management Strategy Making every child child matter matter... everywhere... everywhere CEOP Relationship Management Strategy Breaking down the barriers to understanding child sexual exploitation Child Exploitation and Online

More information

Compliance Toolkit. Protecting Charities from Harm. Chapter 2: Due Diligence, Monitoring and Verification of End Use of Charitable Funds SUMMARY

Compliance Toolkit. Protecting Charities from Harm. Chapter 2: Due Diligence, Monitoring and Verification of End Use of Charitable Funds SUMMARY Compliance Compliance Toolkit Protecting Charities from Harm Chapter 2: Due Diligence, Monitoring and Verification of End Use of Charitable Funds SUMMARY The Charity Commission The Charity Commission is

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

ATINER's Conference Paper Series COM2013-0428. The Use of Honeytokens in Database Security

ATINER's Conference Paper Series COM2013-0428. The Use of Honeytokens in Database Security Athens Institute for Education and Research ATINER ATINER's Conference Paper Series COM2013-0428 The Use of Honeytokens in Database Security Penny Ross Senior Lecturer University of Portsmouth UK Amanda

More information

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements Develop, maintain and evaluate business continuity plans and arrangements Overview This standard is about developing, maintaining and evaluating business continuity plans to ensure that organisations continue

More information

Report to the Council of Australian Governments. A Review of the National Identity Security Strategy

Report to the Council of Australian Governments. A Review of the National Identity Security Strategy Report to the Council of Australian Governments A Review of the National Identity Security Strategy 2012 Report to COAG - Review of the National Identity Security Strategy 2012 P a g e i Table of contents

More information

The purpose of this Unit is to develop an awareness of the knowledge and skills used by ethical and malicious hackers.

The purpose of this Unit is to develop an awareness of the knowledge and skills used by ethical and malicious hackers. National Unit specification General information Unit code: H9HY 45 Superclass: CC Publication date: September 2015 Source: Scottish Qualifications Authority Version: 02 Unit purpose The purpose of this

More information

SENIORS ONLINE SECURITY

SENIORS ONLINE SECURITY SENIORS ONLINE SECURITY Seniors Online Security Five Distinct Areas Computer security Identity crime Social networking Fraudulent emails Internet banking 1 Computer security 2 There are several ways that

More information

The Cambridge Executive MBA - Seeking Employer Support

The Cambridge Executive MBA - Seeking Employer Support - Seeking Employer Support An Executive MBA is a programme designed for people who have excelled in their career to date and have proved their ambition and drive to succeed and wish to invest in their

More information

PERSONNEL SECURITY RISK ASSESSMENT

PERSONNEL SECURITY RISK ASSESSMENT PERSONNEL SECURITY RISK ASSESSMENT A GUIDE 4 th Edition - June 2013 Disclaimer Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

Business Case. for an. Information Security Awareness Program

Business Case. for an. Information Security Awareness Program Business Case (BS.ISAP.01) 1 (9) Business Case for an Information Security Business Case (BS.ISAP.01) 2 Contents 1. Background 3 2. Purpose of This Paper 3 3. Business Impact 3 4. The Importance of Security

More information

Regulation of Investigatory Powers Act 2000

Regulation of Investigatory Powers Act 2000 Regulation of Investigatory Powers Act 2000 Consultation: Equipment Interference and Interception of Communications Codes of Practice 6 February 2015 Ministerial Foreword The abilities to read or listen

More information

Helping you to protect yourself against fraud and financial crime

Helping you to protect yourself against fraud and financial crime Helping you to protect yourself against fraud and financial crime first direct takes fraud & other financial crimes very seriously. Even though we have market-leading fraud detection systems, we want you

More information

HMG Security Policy Framework

HMG Security Policy Framework HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of

More information

Corporate Security in 2016.

Corporate Security in 2016. Corporate Security in 2016. A QA Report Study Highlights According to ThreatMetrix, businesses in the UK are at greater risk of cybercrime than any other country in the world. In a recent survey carried

More information

Managing risk, insurance and terrorism

Managing risk, insurance and terrorism COUNTING THE COST Managing risk, insurance and terrorism produced by NaCTSO wishes to acknowledge the contributions made by many individuals associated with the following organisations: Home Office: The

More information

How To Design A Project

How To Design A Project Introduction to Procurement Why is procurement important? Client needs are unique and consequently each project meeting those needs has unique characteristics. This means that achieving the right project

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

The Case for a Processor Serial Number Control Unit

The Case for a Processor Serial Number Control Unit Introduction Cyber-Rights & Cyber-Liberties (UK) Report on the Intel 1 Pentium 1 III Processor Serial Number Feature Recently Intel have announced that the new Pentium III processor, due for release in

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

HUMAN RESOURCES POLICIES & PROCEDURES

HUMAN RESOURCES POLICIES & PROCEDURES HUMAN RESOURCES POLICIES & PROCEDURES Policy title Application IT systems and social networking policy All employees and students CONTENTS PAGE Introduction and scope 2 General points 2 Authorisation to

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

SCOTTISH CHILDREN S REPORTER ADMINISTRATION

SCOTTISH CHILDREN S REPORTER ADMINISTRATION Part 1 - Policy for Fraud Prevention, Detection and Investigation 1. Introduction 1.1 SCRA like other public bodies, has a duty to conduct its affairs in a responsible and transparent way and to take into

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

ESKISP6064.03 Conducts vulnerability assessment under supervision

ESKISP6064.03 Conducts vulnerability assessment under supervision Conducts vulnerability assessment under supervision Overview This standard covers the competencies required to conduct vulnerability assessments under supervision. This includes following processes for

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

The Cancer Running Through IT Cybercrime and Information Security

The Cancer Running Through IT Cybercrime and Information Security WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:

More information

CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH

CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH March 2016 Disclaimer Reference to any specific commercial product, process or service by trade name, trademark, manufacturer,

More information

The rise of new e commerce channels: Shoppers Delight or Gangsters Paradise?

The rise of new e commerce channels: Shoppers Delight or Gangsters Paradise? The rise of new e commerce channels: Shoppers Delight or Gangsters Paradise? 2011 Introduction from Michael Norton Managing Director, PayPoint.net As evidenced by the IMRG in May 2011, the online retail

More information

Professional issues. Una Benlic ube@cs.stir.ac.uk

Professional issues. Una Benlic ube@cs.stir.ac.uk Professional issues Una Benlic ube@cs.stir.ac.uk Aims Give a precise meaning of the terms profession and professional Discuss the obligations and privileges which membership of a profession carries Consider

More information

Driving License. National Insurance Number

Driving License. National Insurance Number STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Use and Change of Names

Use and Change of Names Use and Change of Names 16 August 2016 Issued by International and Immigration Policy Group Home Office Contents Introduction... 3 Policy Rationale... 3 What is the requirement of the policy?... 3 What

More information

28400 POLICY IT SECURITY MANAGEMENT

28400 POLICY IT SECURITY MANAGEMENT Version: 2.2 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. The objective of this policy is to provide direction and support for IT

More information

Advice leaflet Internet and e-mail policies

Advice leaflet Internet and e-mail policies Advice leaflet Internet and e-mail policies Introduction Electronic communications have revolutionised business communications, although the huge increase in use has taken some organisations by surprise.

More information

Introduction. Clarification of terminology

Introduction. Clarification of terminology Initiating a dialogue about the security of digital built assets: a guide for managers (with regard to PAS 1192-5, A Specification for security-minded building information modelling, digital built environments

More information

ADVANCED ANTI-MONEY LAUNDERING COURSE. Course Notes

ADVANCED ANTI-MONEY LAUNDERING COURSE. Course Notes ADVANCED ANTI-MONEY LAUNDERING COURSE Course Notes Course Provider: Course: Riliance Training Limited Advanced Continuing Professional Development (CPD) The person undertaking this course has been awarded

More information

low levels of compliance with the regulations and POCA by negligent HVD operators are enabling criminals to launder the proceeds of crime

low levels of compliance with the regulations and POCA by negligent HVD operators are enabling criminals to launder the proceeds of crime 6.185 Under the regulations HMRC must maintain a registry of HVDs. However the regulations do not enable HMRC to conduct a fit and proper person test on those who seek to register as an HVD. From 2004

More information

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE Cyber Security Purpose This paper briefs Members on the global cyber security outlook facing governments of some

More information

A guide to business continuity jelfsmallbusiness.co.uk 01905 888397

A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 Business Continuity Management A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 We know you re always going to try your best for your business, but things do occasionally and unexpectedly

More information

MANAGE THIRD PARTY RISKS

MANAGE THIRD PARTY RISKS SECURITY FOR INDUSTRIAL CONTROL SYSTEMS MANAGE THIRD PARTY RISKS A GOOD PRACTICE GUIDE Disclaimer Reference to any specific commercial product, process or service by trade name, trademark, manufacturer,

More information

How To Behave At The Britain Council

How To Behave At The Britain Council Our Code of Conduct Trust is not given. It s earned www.britishcouncil.org Contents Foreword from Chief Executive...01 Our values...02 Introduction...03 Our code of conduct...04 1. Legal compliance...

More information

How To Pass Cambriac English: First For Schools

How To Pass Cambriac English: First For Schools First Certificate in English (FCE) for Schools CEFR Level B2 Ready for success in the real world Cambridge English: First for Schools Cambridge English: First, commonly known as First Certificate in English

More information

Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET. 7 th May 2014. Dear Sir or Madam,

Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET. 7 th May 2014. Dear Sir or Madam, Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET 7 th May 2014 Dear Sir or Madam, The Federation of Small Businesses (FSB) welcomes the opportunity to respond to this consultation

More information

COMPUTER USAGE - EMAIL

COMPUTER USAGE - EMAIL BASIC BELIEF This policy relates to the use of staff email at Mater Dei and is designed to provide guidelines for individual staff regarding their use. It encourages users to make responsible choices when

More information

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation. Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part

More information

DISCIPLINARY PROCEDURE

DISCIPLINARY PROCEDURE DISCIPLINARY PROCEDURE INTRODUCTION These procedures are compliant with the ACAS code of practice and are designed to help and encourage staff at Pilgrims Hospice to achieve and maintain required standards

More information

Specification for Learning and Qualifications for Common Security Industry Knowledge

Specification for Learning and Qualifications for Common Security Industry Knowledge Specification for Learning and Qualifications for Common Security Industry Knowledge December 2014 Security Industry Authority PO Box 49768 London WC1V 6WY E-mail info@the-sia.org.uk www.the-sia.org.uk

More information

FEELING VULNERABLE? YOU SHOULD BE.

FEELING VULNERABLE? YOU SHOULD BE. VULNERABILITY ASSESSMENT FEELING VULNERABLE? YOU SHOULD BE. CONTENTS Feeling Vulnerable? You should be 3-4 Summary of Research 5 Did you remember to lock the door? 6 Filling the information vacuum 7 Quantifying

More information

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012 Monitoring and Logging Policy Document Status Security Classification Version 1.0 Level 1 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Change History

More information

Incident reporting procedure

Incident reporting procedure Incident reporting procedure Responsible Officer Author Date effective from Aug 2009 Date last amended Aug 2009 Review date July 2012 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

2015 Information Security Awareness Catalogue

2015 Information Security Awareness Catalogue Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with

More information

Data publication and access policy on.fr registrations - 1 -

Data publication and access policy on.fr registrations - 1 - Data publication and access policy on.fr registrations - 1 - - - 1 - 1. Introduction A. Definitions As a registry and according to the provisions of article L45 of the Post and Electronic Communications

More information

INSIDER THREAT DETECTION RECOMMENDATIONS. www.alienvault.com

INSIDER THREAT DETECTION RECOMMENDATIONS. www.alienvault.com INSIDER THREAT DETECTION RECOMMENDATIONS www.alienvault.com Insiders, Moles & Compromises According to the second annual SANS survey on the security of the financial services sector, the number one threat

More information

Overview TECHIS60441. Carry out security testing activities

Overview TECHIS60441. Carry out security testing activities Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being

More information

The UK cyber security strategy: Landscape review. Cross-government

The UK cyber security strategy: Landscape review. Cross-government REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape

More information

Share with a colleague. 27 June 2012 London. Contact. Graham More Partner +44 20 7466 2002. Susannah Cogman Partner +44 20 7466 2580

Share with a colleague. 27 June 2012 London. Contact. Graham More Partner +44 20 7466 2002. Susannah Cogman Partner +44 20 7466 2580 Page 1 of 5 Transparency International issues Anti-Bribery guidance on due diligence for Transactions Transparency International ("TI") has issued guidance for anti-bribery due diligence in mergers, acquisitions

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

DVLA ELISE GSi Closed User Group Code of Connection

DVLA ELISE GSi Closed User Group Code of Connection DVLA ELISE GSi Closed User Group Code of Connection Security Warning Notice The following handling instructions apply to this document: - Handle, use and transmit with care - Take basic precautions against

More information

INSTANT MESSAGING SECURITY

INSTANT MESSAGING SECURITY INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

Module 4. Risk assessment for your AML/CTF program

Module 4. Risk assessment for your AML/CTF program Module 4 Risk assessment for your AML/CTF program AML/CTF Programs Risk assessment for your AML/CTF program Page 1 of 27 Module 4 Risk assessment for your AML/CTF program Risk assessment for your AML/CTF

More information

The Department for Business, Innovation & Skills (BIS) & The Home Office. Tackling exploitation in the labour market

The Department for Business, Innovation & Skills (BIS) & The Home Office. Tackling exploitation in the labour market The Chartered Institute of Building submission to The Department for Business, Innovation & Skills (BIS) & The Home Office on the consultation on Tackling exploitation in the labour market 3 December 2015

More information

RISK ASSESSMENT FOR PERSONNEL SECURITY A GUIDE 3 RD EDITION

RISK ASSESSMENT FOR PERSONNEL SECURITY A GUIDE 3 RD EDITION RISK ASSESSMENT FOR PERSONNEL SECURITY A GUIDE 3 RD EDITION Contents Introduction 2 Overview 3 The organisation level risk assessment 8 Organisation level risk assessment case study 17 The group level

More information

HIPAA Compliance Evaluation Report

HIPAA Compliance Evaluation Report Jun29,2016 HIPAA Compliance Evaluation Report Custom HIPAA Risk Evaluation provided for: OF Date of Report 10/13/2014 Findings Each section of the pie chart represents the HIPAA compliance risk determinations

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Cyber Security Strategy

Cyber Security Strategy NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use

More information

ID3 Applications. 800 million people One solution. Forward thinking solutions for a global industry. because identity matters

ID3 Applications. 800 million people One solution. Forward thinking solutions for a global industry. because identity matters ID3 Applications Forward thinking solutions for a global industry because identity matters 800 million people One solution ID3 Applications Forward thinking solutions for a global industry Background As

More information

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective. Good Practice Audit outcomes analysis Police Forces April 2013 to April 2014 This report is based on the final audit reports the ICO completed in the Criminal Justice sector, specifically of Police forces,

More information

INFORMATION SECURITY PROCEDURES

INFORMATION SECURITY PROCEDURES INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

Report on Pre-Appointment Screening Procedures employed by the National Recruitment Service for the Health Service Executive (HSE)

Report on Pre-Appointment Screening Procedures employed by the National Recruitment Service for the Health Service Executive (HSE) Report on Pre-Appointment Screening Procedures employed by the National Recruitment Service for the Health Service Executive (HSE) February 2013 September 2007 Contents Introduction... 3 Commission s Code

More information

Human Resources Trainee

Human Resources Trainee Human Resources Trainee SUMMARY INFORMATION HR TRAINEE (Vacancy Number 351) Duration 3 years Salary 16,131 to 18,588 per annum Entry qualifications English and Maths Highers What is HR? Human Resources

More information

UoB Risk Assessment Methodology

UoB Risk Assessment Methodology [Type here] UoB Risk Assessment Methodology The Risk Assessment Methodology describes how information security risk will be managed, including guidance for assessing, scoring, choosing acceptance or treatment

More information

CYBER STREETWISE. Open for Business

CYBER STREETWISE. Open for Business CYBER STREETWISE Open for Business As digital technologies transform the way we live and work, they also change the way that business is being done. There are massive opportunities for businesses that

More information

Use of Social Networking Websites Policy. Joint Management Trade Union Committee. ENDORSED BY: Consultative Committee DATE: 14 February 2013

Use of Social Networking Websites Policy. Joint Management Trade Union Committee. ENDORSED BY: Consultative Committee DATE: 14 February 2013 Use of Social Networking Websites Policy START DATE: March, 2013 NEXT REVIEW: March 2015 COMMITTEE APPROVAL: Joint Management Trade Union Committee CHAIR S SIGNATURE: STAFF SIDE CHAIR S SIGNATURE: DATE:

More information

Environment Sustainability & Highways

Environment Sustainability & Highways Job Title: ICT Contract Manager Job Grade: Band 5 Directorate: Environment Sustainability & Highways Job Reference Number: P01265 The Role The ideal candidate for this role would be a perceptive, technically

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

The Essex Drug and Alcohol Action Plan - Work at Home

The Essex Drug and Alcohol Action Plan - Work at Home Job Title: Job Grade: Directorate: Job Reference Number: Treatment Specialist Band 6 (30 Hrs per week) Adults, Health & Community Wellbeing P00206 The Role To support the effective planning, development

More information

Intellectual Property

Intellectual Property Intellectual Property Protection Helpsheet When running a business you need to consider protecting your intellectual property which could be anything from your logo to inventions, products and designs.

More information

CORPORATE PHILANTHROPY. Achieving integrated social purpose

CORPORATE PHILANTHROPY. Achieving integrated social purpose CORPORATE PHILANTHROPY Achieving integrated social purpose Corporate philanthropy: integrating social purpose into business Harnessing the power of capital to support what we most value is critical for

More information

Information Security: Business Assurance Guidelines

Information Security: Business Assurance Guidelines Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies

More information

How To Deal With Social Media At Larks Hill J & I School

How To Deal With Social Media At Larks Hill J & I School LARKS HILL JUNIOR & INFANT SCHOOL Social Media Policy Written: Reviewed Autumn Term 2015 Larks Hill J & I School Social Media Policy 1. Introduction For the purposes of this policy, social media refers

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

The most comprehensive online investigative solution in the market

The most comprehensive online investigative solution in the market The most comprehensive online investigative solution in the market Equifax Public Sector Gateway can help increase productivity, drive better results, cut processing time and improve performance. Our understanding

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

Information sharing. Advice for practitioners providing safeguarding services to children, young people, parents and carers

Information sharing. Advice for practitioners providing safeguarding services to children, young people, parents and carers Information sharing Advice for practitioners providing safeguarding services to children, young people, parents and carers March 2015 Contents Summary 3 About this government advice 3 Who is this advice

More information

Officers Code of Conduct

Officers Code of Conduct Officers Code of Conduct Effective from: 17 th September 2014 Approved by Council on 17 th September 2014 1. INTRODUCTION 1.1 The Council believes that its activities demand the highest standards of confidence

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Introductory Level Management Training Programme

Introductory Level Management Training Programme Introductory Level Management Training 2016 Foreword January 2016 Managers and supervisors across the career development sector, be this in the context of career education, career guidance/development,

More information

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment This template is provided to support the police service and other law enforcement agencies (LEA)

More information