YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY"

Transcription

1 YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September 2005 assessment done Next Review Date September 2008 Review Body IM&T Steering Group Approved by IM&T Steering Group Policy Number IMT 07 Date of Approval November 2005 Classification IM&T

2 PC Security Policy Contents Page 1. Purpose 2 2. Scope 2 3. Roles and Responsibilities 2 4. Acquisition of Computer Assets 2 5. PC Security Software Copyright The Data Protection Act Password Security Good Password Practice Password Maintenance Prevention from Software Viruses Actions against Software Viruses 6 6. Hardware and Software Procurement System Installation Maintenance Disposal/Relocation of Equipment 7 7. Equality 7 8. Training and Awareness 7 9. Review Discipline 7 PC Security Policy 1

3 1. Purpose The purpose of this policy is to make users aware of the requirements that need to be met when using Trust PCs to ensure secure use. This policy is also designed to adhere to the BS7799 standard. 2. Scope This policy applies to all employees of the Trust in all locations including the Non-Executive Directors, temporary employees, locums and contracted staff. 3. Roles and Responsibilities The Head of IT will publicise appropriate PC security standards and guidelines. The Head of IT will also ensure they are conformed to and will monitor compliance where necessary. 4. Acquisition of Computer Assets Please refer to IM&T Procurement Policy (IM&T03) In addition the IT Department will hold a central asset register of all PC Hardware and Software, for auditing and software licensing compliance. 5. PC Security Each PC user will take personal responsibility for the security of the equipment, software and data under his/her control. Line managers will ultimately be responsible for ensuring that users under their management are aware of this and that adequate security measures are in place to protect these assets. IT Security reviews can be undertaken by the Head of IT or Data Protection Lead PC s and peripherals (scanners, printers and barcode readers etc.) will be switched off when not in use for long periods of time. PC s will, where practical, be physically protected from exposure to: Excessive heat, cold and humidity Dust Magnetic fields Static Electricity Liquids A PC or peripheral will only be opened (to expose its electronic components) and worked on by authorised Trust IT staff. It is the responsibility of the user or their line manager to verify the identity of the person attending to any equipment to ensure they are authorised individuals. PC Security Policy 2

4 Only computer software authorised by the IT Department will be loaded onto or used on PCs that are or may be connected to the Trust s network infrastructure. Only the members of the IT Department is permitted to load software on to PCs in use in the Trust. PCs that are fitted with locks or other security devices will be secured when left unattended. Any key, token or other device will be removed and retained by the user for safekeeping. All PCs are to be logged off or locked (Windows + l) when left unattended. Master copies of software will be held in the IT department. No member of staff will use a PC without proper authority i.e must have a valid user name and password which was issued to the user using the system. Any suspected unauthorised use of a PC will need to be reported in line with the Trust s Incident Reporting procedures. PCs identified by managers as at risk (defined as at risk of unauthorised access) will be protected by a BIOS password (start-up password) or other security measures as deemed appropriate by the Head of IT. Server and PCs that are used as servers will be clearly marked, be physically separated from the LAN PCs and located in a secure area. 5.1 Software Copyright Each PC user will ensure that no one loads unauthorised (pirate) software on his/her PC. This is to ensure that all software on the PC is properly licensed and registered as required by law under the The Copyright, Designs and Patents Act Each PC user will ensure that no illegal copies of the software are made from either software that is resident on his/her PC or from media in his/her possession. The IT Department retains the right to remove any illegal or unauthorised software. Software resident on the PC will be deleted if the PC is being disposed of (see Disposal of PC and Printer Equipment Policy (IMT04), or if the original version of the software is passed on to another individual or PC with the Trust. 5.2 The Data Protection Act 1998 Each PC user will need to be familiar with the Data Protection Act before using a PC. It is the responsibility of the user to ensure compliance with the Act. It is also the responsibility of the user to read and comply with the Trust s Data Protection Policy (CP15). PC Security Policy 3

5 Each user will ensure that any personal data processed on his/her PC is covered by, or exempt from, Data Protection Registration and also complies with security standard BS7799. Further information about the Data Protection Registration and BS7799 are available from the Head of IT. New systems will be assessed to identify the need for notification and registration of the data usage under the Act. All full risk assessment and compliance with BS 7799 will also be sort before connection to the Trust s LAN (Local Area Network). 5.3 Password Security Passwords will always be allocated by the Systems Managers in a manner which classifies the level of the most sensitive data held on the system to which a user is allowed access. In the majority of cases passwords are allocated to individuals for their specific access to a system, which must not be shared with anyone else. The only current exception to this is the system where some mailboxes are set-up for shared access (e.g. all Ward staff). In these exceptions the username for the system will be a shared name (i.e. Ward name), rather than an individual s name. No one should use a username and password to access a system where that password has been allocated to another individual for their sole use. This is a strict breach of IM&T Security Policies. 5.4 Good Password Practice Each member of staff will have his/her individual username and password for the system(s) that they access. All Trust PCs will have automatically activate the screensaver if left idle for 15 minutes. Regaining access to the PC will require the user to input their password. The Library public access PCs are exempt from this. PCs when left unattended for anytime, must either be logged off the Network, screen saver activated or workstation locked (Windows NT, 2000 & XP only). When someone leaves the Trust or no longer requires access to a particular system, his/her line manager must notify the IT Helpdesk of the date that access is no longer required and access will be removed. Where it is necessary to write down a password (e.g. business continuity) it will be stored in a secure place. E.g. they must not be pinned to notice boards, left inside desk drawers, attached to keyboards or in places that are easy to access. Passwords will not been displayed on screens as they are entered. Where temporary passwords are known to systems managers or IT staff (e.g. granting access to new users or systems maintenance), the user will change the password immediately on receipt. PC Security Policy 4

6 If you suspect that your password has been breached change your password immediately and report the incident for normal Trust incident reporting procedures. Passwords must consist of a minimum of 6 characters, at least one of which will need to be a non-alpha character. Passwords will not relate to the system being accessed. Password will not relate to the user e.g. family names pet names, football teams etc. 5.5 Password Maintenance Password will be changed regularly (at least every three months or as specified in the Secure Operating Procedures for the system). Each time a password is changed a new password will be used. Reuse of passwords is not permitted. Passwords will always be changed immediately in the event that it is suspected to be known by others. Password software will ask the user for re-authentication by re-entering the old password before accepting a change of password. The new password will also need to be entered twice to ensure accuracy. Password data will be held on computer systems in encrypted form. Automated log-on procedures may contain passwords but will themselves be protected. 5.6 Prevention from Software Viruses Adequate back-up procedures must be established for PCs, documented and followed. It is recommended that users store their documents on a server to ensure back up, if you require this facility contact IT Helpdesk Procedures will be developed and used in conjunction with software developed by a reputable supplier for virus checking all disks received. Users are responsible for checking that files received on either removable media, attachments or from Internet/Intranet download are virus scanned before use. If an officially provided PC is used away from Trust premises, authorised Trust staff will only use it. Users are also required to ensure that virus detection signatures are updated regularly (once a month at a minimum). The IT Department have established procedures for regular, and recored, virus checking on all PCs connect to the Trust s LAN. 5.7 Actions against Software Viruses PC Security Policy 5

7 If an infected PC is detected, the procedure will be to: Report the incident to the IT Helpdesk Virus checking of all other possibly infected PCs Isolating the PC immediately e.g. if connected to the LAN the PC will be removed to prevent further infection. Preventing the use of the infected PC again until its reuse has been approved by the Head of IT. Removal of the Virus. Data will be reloaded from the most recent clean back-up if necessary. 6. Hardware and Software Procurement Please consult IM&T Procurement Policy (IMT03) The procurement procedures will take into account the need for hardware and software compatibility needed to support the system s contingency and recovery arrangements. Hardware or software changes which may affect the network management or other operational sites, will be agreed by all parties affected. On-going maintenance arrangements (defining levels of maintenance and minimum levels of performance) will be the subject of contractual agreement i.e. Service Level Agreement (SLA). 6.1 System Installation Only staff from or authorised by the IT Department are permitted to install hardware or software. 6.2 Maintenance Only staff from or authorised by the IT Department are permitted to allowed access to hardware or software for maintenance purposes. 6.3 Disposal/Relocation of Equipment For disposal of PC and Printer equipment refer to the Disposal of PC and Printer Equipment Policy (IMT04) and for disposal of Media please refer to the Disposal of Media Policy (IMT 06). The IT department will need to be involved in the disconnection and reconnection of all PC related equipment from the network to ensure continuity of service, however Hotel Services will need to be contacted for equipment to be moved. Disconnection and reconnections of PC equipment by non IT staff may result in the PC not functioning properly in it s new location, requiring immediate attention from an IT Technician and disrupting the IT Helpdesk service to other departments. Departments should give 2 weeks notice to the IT department to ensure that the work is scheduled appropriately. PC Security Policy 6

8 Where a substantial quantity of IT equipment is to be relocated a co-ordinator will be identified for the move. The relocation co-ordinator will compile a detailed list of all equipment (including serial numbers) being moved prior to the move and again on arrival. 7. Equality The Trust recognises the diversity of the local community and those in its employ. Our aim is therefore to provide a safe environment free from discrimination and a place where all individuals are treated fairly, with dignity and appropriately to their need. The Trust recognises that equality impacts on all aspects of its day to day operations and has produced an Equality Policy Statement to reflect this. All policies and procedures are assessed in accordance with the Equality initial screening toolkit, the results for which are monitored centrally. This policy has undergone the initial screening process in line with the Trust s Race Equality Scheme and has shown a low level of impact. 8. Training and awareness The requirement of this policy will be brought to the attention of staff via the Trust s induction training programme. A copy of this policy will be available to all staff via the Trust s Intranet web pages. Awareness of the policy will be raised through Hysbysrwydd and Team Brief. 9. Review This policy will be reviewed in 3 years time. Earlier review may be required in response to exceptional circumstances, organisational change or relevant changes in legislation or guidance. 10. Discipline Breaches of this policy will be investigated and may result in the matter being treated as a disciplinary offence under the Trust s disciplinary procedure. PC Security Policy 7

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

As a System user you need to be informed of the following issues that are governed by Trust policies and by law. Password Control Page 2

As a System user you need to be informed of the following issues that are governed by Trust policies and by law. Password Control Page 2 JAC MEDICINES MANAGEMENT CLINICAL DATA SYSTEM SECURITY DOCUMENT It is very important that information on JAC is kept secure from unauthorised access and that no one is able to use the system that has not

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

NEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE

NEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST NEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE Author Director of Human Resources Equality impact

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards EMMANUEL CE VA MIDDLE SCHOOL IT Security Standards 1. Policy Statement The work of Schools and the County Council is increasingly reliant upon Information & Communication Technology (ICT) and the data

More information

Information Technology (IT) Security Guidelines for External Companies

Information Technology (IT) Security Guidelines for External Companies Information Technology (IT) Security Guidelines for External Companies Document History: Version Name Org.-Unit Date Comments 1.1 Froehlich, Hafner Audi I/GO VW K-DOK 25.05.2004 Table of Contents: 1. Goal...3

More information

Email Services Policy

Email Services Policy Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages

More information

INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE

INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 2.1 Approved by: Information Governance

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

Working Together Aiming High!

Working Together Aiming High! Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.

More information

Terms and Conditions of Use - Connectivity to MAGNET

Terms and Conditions of Use - Connectivity to MAGNET I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of ICT Policy. Staff Policy Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.

More information

Information Security Code of Conduct

Information Security Code of Conduct Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks >Email & Internet >Software >Aon Information >Data Protection >ID Badges > Contents Aon Information Security

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

IT ACCESS CONTROL POLICY

IT ACCESS CONTROL POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

Information Technology Security Policies

Information Technology Security Policies Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral

More information

Draft Information Technology Policy

Draft Information Technology Policy Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software

More information

Guidelines for smart phones, tablets and other mobile devices

Guidelines for smart phones, tablets and other mobile devices Guidelines for smart phones, tablets and other mobile devices Summary Smart phones, tablets and other similar mobile devices are being used increasingly both privately and in organisations. Another emerging

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

School of Computer Science and Engineering policy with regard to self-administered computers

School of Computer Science and Engineering policy with regard to self-administered computers School of Computer Science and Engineering policy with regard to self-administered computers CSE Computer Security Committee October, 2002 Abstract The School s Computing Support Group (CSG) provides a

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Software Policy. Software Policy. Policy and Guidance. June 2013

Software Policy. Software Policy. Policy and Guidance. June 2013 Software Policy Policy and Guidance June 2013 Project Name Software Policy Product Title Policy and Guidance Version Number 1.2Final Page 1 of 8 Document Control Organisation Title Author Filename Owner

More information

Information Security Policy

Information Security Policy Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect

More information

CITY OF MARLBOROUGH MARLBOROUGH, MASSACHUSETTS 01752-3812

CITY OF MARLBOROUGH MARLBOROUGH, MASSACHUSETTS 01752-3812 CITY OF MARLBOROUGH MARLBOROUGH, MASSACHUSETTS 01752-3812 APPLICATION FOR INTERNET ACCESS To obtain Internet Access, complete the following form, sign and obtain department head signature and return to

More information

Grasmere Primary School Asset Management Policy

Grasmere Primary School Asset Management Policy Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Data Handling in University Information Classification and Handling Agenda Background People-Process-Technology

More information

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Computer Network & Internet Acceptable Usage Policy. Version 2.0 Computer Network & Internet Acceptable Usage Policy Version 2.0 April 2009 Document Version Control Version Date Description 1.0 Sept 2003 Original Version (adopted prior to establishment of BoM) 2.0 March

More information

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3 Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use

More information

Data Access Request Service

Data Access Request Service Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior

More information

Information Security Policy. Policy and Procedures

Information Security Policy. Policy and Procedures Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable

More information

CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION

CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION 1.0 Purpose and Scope of Policy It is the policy of the City of Waukesha (City) to respect all computer

More information

Dene Community School of Technology Staff Acceptable Use Policy

Dene Community School of Technology Staff Acceptable Use Policy Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,

More information

JOB AND PERSON SPECIFICATION

JOB AND PERSON SPECIFICATION JOB AND PERSON SPECIFICATION Position Title: Help Desk Officer Classification Code: ASO-3 Division: Central Northern Adelaide Health Service Branch: The Queen Elizabeth Hospital Type of Appointment: Section:

More information

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE 2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology

More information

Ixion Group Policy & Procedure. Remote Working

Ixion Group Policy & Procedure. Remote Working Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

Corporate Affairs Overview and Scrutiny Committee

Corporate Affairs Overview and Scrutiny Committee Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

Notice: Page 1 of 11. Internet Acceptable Use Policy. v1.3

Notice: Page 1 of 11. Internet Acceptable Use Policy. v1.3 Notice: Plymouth Community Healthcare Community Interest Company adopted all Provider policies from NHS Plymouth when it became a new organisation on 1 October 2011. Please note that policies will be reviewed

More information

PC asset management policy

PC asset management policy PC asset management policy Name of policy, procedure or regulation Purpose of policy, procedure or regulation PC asset management policy To provide a policy framework in relation to PC asset management

More information

MANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST 2011. Version 2.0

MANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST 2011. Version 2.0 MANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST 2011 Version 2.0 Western Health and Social Care Trust Page 0 of 6 Management of User Accounts Policy Policy Title MANAGEMENT OF USER ACCOUNTS AND

More information

Decision on adequate information system management. (Official Gazette 37/2010)

Decision on adequate information system management. (Official Gazette 37/2010) Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)

More information

IT Operations User Access Management Policies

IT Operations User Access Management Policies 1. Approval and Authorisation Completion of the following signature blocks signifies the review and approval of this Process (signed copy held in safe) Name Job Title Signature Date Authored by:-

More information

NETWORK SECURITY GUIDELINES

NETWORK SECURITY GUIDELINES NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus

More information

COMMUNICATIONS 10. COMMUNICATIONS. 10.1 Communication, Consultation and Information. 10.2 Security of Information. 10.3 Communication Meetings

COMMUNICATIONS 10. COMMUNICATIONS. 10.1 Communication, Consultation and Information. 10.2 Security of Information. 10.3 Communication Meetings chapter _v5 15//2004 12:24 pm Page 93 COMMUNICATIONS. COMMUNICATIONS.1 Communication, Consultation and Information.2 Security of Information.3 Communication Meetings.4 Renishaw s House Journal (Probity).5

More information

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 Introduction The IT systems must be used in a reasonable manner and in such a way that does not affect their efficient operation,

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

PBGC Information Security Policy

PBGC Information Security Policy PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.

More information

THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY

THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY Version Author Date Approved by Board 2009-1 Gillian Kirkup 24 March 2010 Page 1 of 8 THE RICE MARKETING BOARD FOR

More information

Infrastructure Security Policy

Infrastructure Security Policy Bolsover District Council North East Derbyshire District Council & Rykneld Homes Ltd ICT Infrastructure Security Policy September 2013 Version 1.0 Page 1 of 11 CONTROL SHEET FOR ICT Infrastrutcure Security

More information

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review:

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review: POLICY DOCUMENT Burton Hospitals NHS Foundation Trust INFORMATION SECURITY POLICY Approved by: Executive Management Team On: 16 January 2014 Review Date: December 2015 Corporate / Directorate Clinical

More information

ICT Security Policy. Information Security Policy v 1.1 May 2013 Information Security Manager Page 1

ICT Security Policy. Information Security Policy v 1.1 May 2013 Information Security Manager Page 1 ICT Security Policy Information Security Manager Page 1 Policy : Executive Summary: ICT Security Policy This policy introduces a single policy for ICT for Information Security within East Cheshire NHS

More information