BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy


BOARD OF DIRECTORS PAPER COVER SHEET

Meeting date: 22 February 2006
Agenda item: 7
Title:
Purpose: The Trust Board to approve the updated
Summary: The Trust is required to have and update each year a policy covering Information Security matters. The enclosed existing policy has been reviewed and is now submitted to the Trust Board for approval.
Recommendation: Board to approve the attached Information Security policy
Prepared by: S Martin
Presented by: Mike Stevens, Director of Finance & Information

This report covers: (Please tick relevant box below)
Healthcare Standards Monitor (CORE please specify which standard) Healthcare Standards Finance (DEV T please specify which standard) Service Development Performance Management Strategy Local Delivery Plan Business Planning Assurance Framework X Complaints Other (Please specify)

MS Part I (vs. 1.4) Page 1 of 15

INFORMATION SECURITY POLICY

Post holder responsible for Policy: Wendy Ware
Directorate / Department responsible for Policy: IMT Services
Contact details:
Date written: January April 2005
Date revised:
Approval route (names of committees): Information Committee IMT Shared Services Committee
Date of final approval:
Date due for revision:
Date policy becomes live:
This document replaces:

Controlled Document

This document has been created following the Royal Devon & Exeter NHS Foundation Trust Policy on the creation of policies, procedures, protocols, guidelines and standards. It should not be altered in any way without the express permission of the author or their representative.

Document Location

This document is only valid on the day it was printed. The source of the document can be found on the Trust's Internet at and Trust Comex site IM&T.

Revision History

Date of this revision: 1st April, 2005
Date of Next revision: August 2006

Ver. | Date | Author | Status | Issued to
 | /11/2003 | P.Page | First Draft for discussion | RD&E Shared IM&T Services W.Ware T.Dymond S.Moses J.Treadwell M.Holley J.Smith
 | /07/2004 | P.Page | Second Draft for discussion | RD&E Shared IM&T Services W.Ware RD&E Information Committee Membership
 | /02/2005 | J Treadwell | Review of discussions | No one yet
 | | J Treadwell | Final Draft for ratification | Information committee and internal audit
 | | J Treadwell | Product of ratification | As above

Next Revision Due:

Approvals

This document requires the following approvals.

Project Role Name Title Organisation Name Title Information Committee Approved on

Contents

Document Location
Revision History
Approvals
Executive Summary
Statement of Intent
Introduction
The need for a security policy
Statement
Scope
Security management
Objective
Organisation management
Security Policy Awareness
Auditors
Purchase of Information Systems
Access to secure computer facilities
Disposal of Equipment and Media
Information Storage
Information Backup
Business Continuity
Information Transmission and Networks
Local and Wide Area Networks
Web Services (Internet & )
Notification of Staff Changes
Security of third party access to organisation's data
Desktop Policy
Use and Installation of Software
Passwords
Blank Screen Policy
Clear Desk Policy
Management of Manual Records
Appendices
Appendix A: List of Policies
Appendix B: List of relevant legislation

Executive Summary

The Trust's revised sets the framework within which information will be managed. It demonstrates to all staff the Trust's determination that information will be processed within a secure and confidential environment.

The commonly accepted definition of Information Security is that it consists of:

- Confidentiality: This is the prevention of unauthorised access to information and data by individuals from both inside and outside the organisation.
- Integrity: Information Systems function correctly and do not give rise to erroneous information either accidentally or maliciously. The requirement for integrity also includes protecting system and data from destruction.
- Availability: This is concerned with ensuring that both systems and data are available at all times when they are needed by the organisation.

There is a reference to all relevant legislation within the policy. The Trust's Policy also covers other areas such as Computer Access Controls (both in terms of physical environment and computer applications) and Disaster Recovery.

Statement of Intent

Trust patients, clients and other stakeholders have a right to expect that their personal data will only be examined either by people directly involved in their care and treatment, or by people who are involved in the monitoring and evaluation of that care, or by people requiring to complete processes that are necessary for the orderly functioning of the NHS. In addition, other records (including staff records, etc.) not directly related to patients and clients, required to be kept and managed by the Trust, will only be accessed by appropriately designated personnel.

That same group of stakeholders have a right to expect that the Trust will manage all information assets in such a manner that security threats are minimised by the use of best practice and adherence to statutory procedures.

In recognition of the changes underway in the NHS and the effects that these changes might have on Confidentiality and Security, this policy will be reviewed regularly, in the first instance months from implementation.

1. Introduction

1.1 The need for a security policy

The organisation holds and manages a great deal of personal and confidential data relating to patients, the public and employees of the NHS. Increasing reliance is placed on computers to store and manipulate this information, and there are ever-easier ways by which information can be passed around via the organisation's and other connected networks.

It is important that a consistent approach is adopted to safeguard the organisation's information in the same way that other more tangible assets are secured, with due regard to the highly sensitive nature of some information held on both electronic and manual systems.

This document describes the organisation's policy on information security and employees' responsibilities for security of information held both manually and on computers.

The is consistent with and supports the organisation's policies, procedures and existing methods of working, including Standing Orders and Standing Financial Instructions which take precedence on any specific issue, and is in accordance with NHS national guidance.

A Staff Checklist (Acceptable use document) is in Appendix C. It is intended to help employees focus on the key areas that are likely to affect them on a day-to-day basis. The checklist should only be used once the itself is understood.
A list of accompanying Policies which explain various aspects of this policy in greater detail is included in the appendices, for example: NHSNet Code of Connection Agreement Staff Checklist The Caldicott Principles Policy Fax Policy Staff Code of Conduct for using Portable Devices Procurement Policy Disposal of Equipment and Confidential Materials Policy Protocol for Sharing Information across Organisations Handling Requests for Access to Information from Agencies Handling with Requests for Access to Information from Patients & Staff Guidance To GP Appraisers relating to Data Protection and Caldicott

1.2 Statement

The organisation's policy aims to ensure that:

- All of the organisation's Information Systems are secure and confidential. In particular that these are operated in accordance with NHS guidance, BS7799, Caldicott Guidance and relevant legislation.
- All staff are aware of this policy, the need to ensure appropriate secure and confidential handling of all personal and business sensitive information and their responsibilities in maintaining information security.
- Procedures to detect and resolve security breaches are in place.

Failure by any employee of the Organisation to adhere to the policy and its guidelines will be viewed as a serious matter and may result in disciplinary action. Where employees believe that it is not possible to meet the policy and associated guidelines this must be brought to the attention of the Information Governance Manager and action agreed and notified to the appropriate management level within the organisation.

1.3 Scope

This policy applies to:

- All Trust employees whilst engaged in work for the Trust at any location.
- Other persons working for the Trust or persons engaged on Trust business.
- All usage by anyone granted access to Trust information, whether it be manual records such as case notes or electronic access to the Trust network.

2. Security management

2.1 Objective

To establish the management structure for Information Systems security within the organisation.

2.2 Organisation management

Security is everybody's business and therefore it is everybody's responsibility to ensure information is, as appropriate, confidential, accurate and available to authorised users. This section describes the different areas of responsibilities for ensuring that the organisation's data remain secure. There is a clear division of responsibilities between the Board, Directors, IT Managers, Information Governance Manager, Line Managers, System Managers and Employees.

Board Responsibilities

The Trust Board has overall responsibility for all matters relating to security. All matters concerning security should be referred to the Information Governance Committee or equivalent.
Directors, Heads of Departments and other line managers

Directors and Heads of Departments should:

- ensure that all current, new and temporary staff are instructed in their security responsibilities.
- ensure that all their staff using computer systems/media are trained in their use.
- ensure that no unauthorised staff are allowed to access any of the organisation's computer systems or information stores as such access could compromise information integrity.
- determine which individuals are to be given authority to access specific information: levels of access to specific systems should be on a job function need, independent of status.
- ensure that the IM&T Services are notified of new employees to allow access rights to be appropriately established from effective dates for shared mailboxes and shared data folders.
- inform system administrators of new employees to authorise appropriate access to information systems.
- inform system administrators and IM&T services when staff leave in order to terminate access.
- authorise new information systems and liaise with IM&T services over the appropriate level of security.
- implement procedures to minimise the organisation's exposure to fraud, theft, or disruption of its systems; such as segregation of duties, dual control or staff rotation in critical susceptible areas.
- ensure that current documentation is always maintained for all critical job functions to ensure continuity in the event of individual unavailability.
- ensure that all staff sign confidentiality (non-disclosure) undertakings as part of their contract of employment.
- report information security breaches to Information Governance Manager.

Information Governance Manager

The Information Governance Manager for the organisation is responsible for the implementation and enforcement of the and has organisational security management responsibilities for:

- monitoring and reporting on the state of Information security within the organisation.
- ensuring that the is implemented throughout the organisation.
- developing and enforcing detailed procedures to maintain information security.
- ensuring compliance with relevant legislation.
- reporting security issues to the Deputy Director of IMT.
- providing an advisory service on information security and information governance.

IM&T Manager(s)

The IM&T Manager(s) should:

- understand the risk to the computer assets and the information that is held on them.
- deploy appropriate security measures to reduce the threat and to reduce the impact of a threat that materialises.
- ensure periodic security reviews by systems managers as appropriate.
- ensure that new information systems provide an adequate level of security.

System Managers

System Managers, are required to ensure compliance with the organisations and thereby maintain controls to provide:

- recommend and implement appropriate levels of access for staff/users.
- provide training for staff.
- liaise with IM&T services over 3rd party access.
- collaborate with internal audit over system security reviews.
- manage upgrades to systems in partnership with IM&T services.

Staff

Employees, including those under contract and agency staff, are:

- responsible for conforming to the.
- required to bring to their manager or Information Governance Manager's attention areas of concern regarding information security.

Security Incident Management

All staff are responsible for ensuring that no actual or potential security breaches occur as a result of their actions. Staff will report breaches through the Incident Reporting mechanism. The organisation will investigate all suspected / actual security breaches and report to the appropriate bodies. A breach is defined as any incident which compromises the 3 tenets of security: confidentiality, integrity and availability.

2.4 Security Policy Awareness

New starters will be made aware of the policy at the organisation's corporate induction. Staff will be made aware that if they have concerns about security there are adequate processes for them to make those concerns known. As part of the induction:

- All staff will be required to read and sign a code of conduct agreement covering access to network, and data shares.
- All new staff will sign confidentiality (non-disclosure) undertakings as part of their contract of employment.

2.7 Auditors

The organisation's policy, its implementation and systems will be subject to periodic review by both internal and external auditors, the recommendations from which will normally be implemented unless an alternative action plan is agreed with management. Any major security incident is liable to be referred to the auditors for investigation.

4 Purchase of Information Systems

4.1 All staff will liaise with IM&T services over the procurement and implementation of information systems.
5 Access to secure computer facilities

There is a need to protect the organisation's equipment and systems against loss or damage and ensure availability of information systems. All access to computers located within the organisation's properties must be restricted through the use of the same precautions that are taken for other valuable assets of the organisation. Such restrictions include perimeter security, making sure that security doors are closed properly, blinds drawn, and that any door entry codes are changed regularly.

5.1.2 Disposal of Equipment and Media

Computer assets must be disposed of in accordance with the Trust's Disposal of IT Equipment Policy and standing financial instructions. This includes removable computer media, such as tapes and disks and printed reports. All data storage devices will be purged of sensitive data prior to disposal.

Information Storage

All personal data should be stored securely in line with the principles of the Data Protection Act 1998 and Caldicott guidelines. Further details may be found in Appendices A & B.

All staff must comply with Data Protection Act 1998 and must not be allowed to access information until line managers are satisfied that they understand and agree these responsibilities. This should be included in all contracts of employment.

Information that is no longer required should be disposed of or archived securely and in line with the organisation's relevant policy listed below.

Databases holding personal data will have a defined security and system management documentation for access, records and reports. This documentation must include a clear statement as to the use, or planned use of the personal information, which is cross-referenced to the Data Protection Notification. Appropriate security measures should be taken to safeguard information held in this way. This is the responsibility of the System Administration.

Information Backup

Sensitive information must not be stored on individual drives on PCs. This area is covered by the organisation's data storage policy.

Business Continuity

All designated sensitive and critical systems will have a written back-up procedure and disaster recovery plan. This is required to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters. This is the responsibility of the System Administrator.
5.2 Information Transmission and Networks

Local and Wide Area Networks

Through connection to the organisation's network it is possible to receive and forward information to other users of the network and other organisations' networks using, for example, electronic mail.

Should employees receive, identify how to, or gain access to unauthorised information on any networks then this event must be reported to the Information Governance Manager.

All computer files, transferred from other networks (including public access networks such as the 'Internet') and removable media must be checked for viruses before use within the organisation. Files stored on the network will be checked daily.

No equipment will be connected to the network until advised by IM&T services that the system is ready for use.

Employees must inform the IM&T Services Helpdesk if a virus attack is detected or suspected.

Web Services (Internet & )

Internet

Staff using the Internet must ensure they comply with the organisation's Internet and policies. Copies of the signed code of connection forms will be stored on staff personnel files.

Notification of Staff Changes

The Human Resources department will provide a leavers list each month to advise IM&T Services about staff changes affecting computer access (for example job function changes / leaving department or organisation) so that access rights may be amended or deleted, from effective dates.

Security of third party access to organisation's data

Written agreement must be received from all external contractors and non-NHS parties that they agree to treat all information confidentially and that information will not be disclosed to unauthorised individuals. This agreement should also include a signed declaration that they understand the relevant legislation should they need to access sensitive information stored on a computer system.

A security log must be maintained of all access to the organisation's network by external organisations for system support purposes. The Central Systems Team will hold this log.
5.3 Desktop Policy

Use and Installation of Software

This is covered by the organisation's software policy.

Passwords

Passwords have a role in protecting systems from unauthorised access and are most effective when they:

- carry no meaning
- are not names, nor easily guessable
- are changed regularly and are not related to previous passwords
- are a minimum of 8 characters
- are a mixture of letters, numbers and symbols
- are kept secret
- are not PASSWORD, VISITOR, GUEST or similar
- are not shared
- should be memorable, preferably through a cryptic association with the user

This policy will ensure proper auditing of accesses made can be maintained and security of original user account is not compromised.

Blank Screen Policy

Windows screen saver with password protection enabled will be used on all PCs with time-out set to ten minutes. Users need to set this protection up on their desktop. This does not apply to machines used by multiple users.

Clear Desk Policy

Any confidential information must be placed out of sight, in locked cabinets/drawers when not in use. Likewise all offices/rooms which contain personal data should be locked when not in use.

5.4 Management of Manual Records

Storing, archiving and disposing of manual records will be dealt with in accordance with the Trust's Records Management policy.

Appendices

Appendix A

List of Policies

- policy
- Internet policy
- Fax policy
- Portable device use policy
- Procurement policy
- Disposal of equipment and confidential materials policy
- Protocol for sharing information across organisations
- Handling requests for access to information from agencies
- Handling requests for access to information from patients and staff
- Data storage policy
- Software policy
- Generic user policy
- Records management policy
- Mail and internet filtering policy
- Anti Virus Policy
- External access to systems policy

Appendix B

List of relevant legislation

- Copyright patents and designs act 1998
- Computer misuse act 1990
- Data protection act 1998
- Freedom of information act 2000
- Human Rights Act 1998
- Health & Safety at Work Act 1974
- Regulation of Investigatory Powers Act 2000
- Health & Social Care Act 2000

Appendix C

Staff Checklist - Acceptable Use Document

Usernames and Passwords:
You have been issued with a unique username and password. They provide access to the Internet, and computer network. Do not disclose them to anyone, or write them down. Their use is monitored and misuse could lead to disciplinary action.

Computer Network, NHSNet and Internet Access:
The Trust is obliged to provide all staff with access to the Internet which it routinely monitors. Access is provided for access to clinical information, and for the efficient running of the Trust. Any inappropriate use may result in the withdrawal of an individual's password and/or disciplinary action.

Use of
The Trust is obliged to provide all staff with access to an individual mailbox. This account is primarily for business use but can be used for limited personal use. should not be used either to subscribe to any non-work related newsletters/bulletins or to further the distribution of chain letters or similar unsolicited messages. If an individual is unavailable it may be necessary for IT Support Staff to arrange for other access to the mailbox for business purposes. Use of any other service (e.g. Hotmail) is not supported by the Trust and must not be used for Trust business as they are not secure and you may place sensitive data at risk by using them.

Downloading Files/Installing Software:
Unauthorised software must not be downloaded to or used on Trust PCs. If you are in any doubt check with IT Support. All media must be scanned for viruses prior to any transfer of files or data to a Trust PC. This includes floppy disks, CDs and memory sticks.

Electronic Document Storage:
A secure area on a central server is provided for your use. Whenever you log on, it appears as your Z: drive. All work related documents and files must be stored on this.

Security:
If you believe that your username and password have been compromised, change your password and advise IT Support. All PCs and are protected by Anti Virus software. However, if you think that your system is infected contact IT Support immediately. If you suspect any inappropriate use of the Trust's PCs, , network, etc., contact IT Support.


More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third

More information

How To Protect School Data From Harm

How To Protect School Data From Harm 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer:

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer: Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

University of Aberdeen Information Security Policy

University of Aberdeen Information Security Policy University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...

More information

Working Practices for Protecting Electronic Information

Working Practices for Protecting Electronic Information Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Version: 1.1 Ratified by: NHS Bury CCG IM&T Steering Group Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Greater Manchester CSU - IT Department NHS Bury

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review:

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review: POLICY DOCUMENT Burton Hospitals NHS Foundation Trust INFORMATION SECURITY POLICY Approved by: Executive Management Team On: 16 January 2014 Review Date: December 2015 Corporate / Directorate Clinical

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

Information Management Policy

Information Management Policy Information Management Policy Document Control Title Organisation Description Author(s) Information Management Policy London Legacy Development Corporation The Information Management Policy describes how

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

West Lothian College. E-Mail and Computer Network Responsible Use Policy. September 2011

West Lothian College. E-Mail and Computer Network Responsible Use Policy. September 2011 West Lothian College E-Mail and Computer Network Responsible Use Policy September 2011 Author: Steve Williams Date: September 2011 Agreed: Computer Network & Email Policy September 2011 E-Mail and Computer

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

Information Security Policy

Information Security Policy Information Security Policy Last updated By A. Whillance/ Q. North/ T. Hanson On April 2015 This document and other Information Services documents are held online on our website: https://staff.brighton.ac.uk/is

More information

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) (NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) 1. Approval and Authorisation Completion of the following signature blocks signifies

More information

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé NHS HDL (2006)41 abcdefghijklm = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé Dear Colleague NHSSCOTLAND INFORMATION SECURITY POLICY Summary 1. NHSScotland IT Security Policy was

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most

More information

Harper Adams University College. Information Security Policy

Harper Adams University College. Information Security Policy Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting

More information

The Bishop s Stortford High School Internet Use and Data Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Incident Response Policy Reference Number Title CSD-012 Information Security Incident Response Policy Version Number 1.2 Document Status Document Classification

More information

Highland Council Information Security Policy

Highland Council Information Security Policy Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Walton Centre. Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt. Monitoring & Audit

Walton Centre. Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt. Monitoring & Audit Page 1 Walton Centre Monitoring & Audit Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt Page 2 Table of Contents Section Contents 1 Introduction 2 Responsibilities Within This

More information

INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE

INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 2.1 Approved by: Information Governance

More information

Acceptable Usage Guidelines. e-governance

Acceptable Usage Guidelines. e-governance Acceptable Usage Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures SECURITY INCIDENT REPORTING AND MANAGEMENT Standard Operating Procedures Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme.

More information

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

More information

Policy: Remote Working and Mobile Devices Policy

Policy: Remote Working and Mobile Devices Policy Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Clinical Quality and Safety Committee. 3 Years or dependent on change in legislation

Clinical Quality and Safety Committee. 3 Years or dependent on change in legislation Title: Procedural Document Type: Reference: CQC Outcome: Email Policy & Procedure Policy & Procedure IT-P20 Version: V 1.1 Approved by: Ratified by: Outcome 6E Professional Practice Forum Date ratified:

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Information Security Policy Schedule A - Roles, Standards and Operational Procedures

Information Security Policy Schedule A - Roles, Standards and Operational Procedures Information Security Policy Schedule A - Roles, Standards and Operational Procedures Approving authority Pro Vice Chancellor (Information Services) Approval date 3 July 2014 Advisor Next scheduled review

More information

Notice: Page 1 of 11. Internet Acceptable Use Policy. v1.3

Notice: Page 1 of 11. Internet Acceptable Use Policy. v1.3 Notice: Plymouth Community Healthcare Community Interest Company adopted all Provider policies from NHS Plymouth when it became a new organisation on 1 October 2011. Please note that policies will be reviewed

More information

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining

More information

Summary Electronic Information Security Policy

Summary Electronic Information Security Policy University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical

More information

IT ACCESS CONTROL POLICY

IT ACCESS CONTROL POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

University of Brighton School and Departmental Information Security Policy

University of Brighton School and Departmental Information Security Policy University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

IT Data Security Policy

IT Data Security Policy IT Data Security Policy Contents 1. Purpose...2 2. Scope...2 3. Policy...2 Access to the University computer network... 3 Security of computer network... 3 Data backup... 3 Secure destruction of data...

More information

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY Information Management & Technology Security Policy INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY POLICY NO IM&T 003 DATE RATIFIED October 2010 NEXT REVIEW DATE October 2013 POLICY STATEMENT/KEY

More information

Scotland s Commissioner for Children and Young People Records Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives

More information