Information Governance Performance Manager. Important Note: The Intranet version of this document is the only version that is maintained.

Size: px
Start display at page:

Download "Information Governance Performance Manager. Important Note: The Intranet version of this document is the only version that is maintained."

Transcription

1 Document Summary DOCUMENT NUMBER DATE RATIFIED POL/002/ October DATE IMPLEMENTED October 2013 NEXT REVIEW DATE October 2015 ACCOUNTABLE DIRECTOR POLICY AUTHOR Director of Business Development Information Governance Performance Manager Important Note: The Intranet version of this document is the only version that is maintained. Any printed copies should therefore be viewed as uncontrolled and, as such, may not necessarily contain the latest updates and amendments. August 2013 Page 1 of 21 Our ref: CO/POL/002/004

2 TABLE OF CONTENTS 1. SCOPE INTRODUCTION 3 3. STATEMENT OF INTENT 3 4, DEFINITIONS TRUST BOARD CHIEF EXECUTIVE CALDICOTT GUARDIAN SIRO (SENIOR INFORMATION RISK OWNER) INFORMATION GOVERNANCE LEAD INFORMATION SECURITY ALL TRUST EMPLOYEES Details of the Procedural Document USE OF MANAGEMENT OF PUBLIC AND SHARED MAILBOXES IDENTIFYING AND MANAGING RECORDS IMPLEMENTATION Training 15 8 Monitoring compliance with this Document References/ Bibliography Related Trust Policy/Procedures Appendix Appendix 2: How to guidance Appendix 3: Policy Title Date: Page 2 of 21 Our Ref:

3 1 SCOPE This policy is applicable to all staff, including temporary, contracted staff, volunteers and employees of Cumbria Partnership NHS Foundation Trust, students or employees or other external organisations that provide services to the Trust. The policy specifically covers NHS mail and locally provided systems and does not cover social networking communications (e.g. Twitter, MSN, Facebook), this is included within the Acceptable Use policy. NB: This policy will equally apply to any organisations where under a Service Level agreement the Trust provides Information Governance support and services 2 INTRODUCTION is increasingly becoming the primary business tool for both internal and external communication and as a result should be treated with the same level of attention given to drafting and managing formal letters and memos. messages should not be treated as an extension of the spoken word because their written nature means they are treated with greater authority. As well as taking care over how messages are written it is necessary to manage messages appropriately after they have been sent or received. There is a common misconception that messages constitute a short-lived form of communication. This misconception about how messages can be used could result in legal action being taken against the Trust or individuals. All messages are subject to Data Protection and Freedom of Information Legislation and can also form part of the corporate record. Staff should also be aware that messages could be used as evidence in legal proceedings. This includes the use of a blackberry or other form of electronic communication. This policy sets out the obligations that all members of staff have with dealing with messages. There are two main sections within the policy: the first concentrates on sending messages and the second concentrates on managing messages that have been sent or received. Staff should be familiar with the content of the policy and use it as a point of reference when dealing with messages. 3 STATEMENT OF INTENT The objective of this policy is to make clear to users the Trust s intentions and standards on the use of . 4 DEFINITIONS Electronic Mail: commonly called or , is a method of exchanging digital messages from an author to one or more recipients. Sender: the person sending the . For the purposes of this document this also refers to the author of the August 2013 Page 3 of 21 Our ref: CO/POL/002/004

4 Recipient(s): the person or persons to whom the was sent and for whom it was intended. 5 DUTIES Senior roles within the organisation supporting the Information Governance agenda are held by the Organisation s Senior Information Risk Owner (SIRO), the Caldicott Guardian, the Head of Information Governance; all are supported by the IG Team. 5.1 Trust Board In his communications with NHS Trusts Chief Executives, the NHS Chief Executive has made it clear that ultimate responsibility for IG in the NHS rests with the Board of each organisation. 5.2 Chief Executive The Trust s Accountable Officer is the Chief Executive who has overall responsibility for ensuring that information risks are assessed and mitigated to an acceptable level. Information risk is handled in a similar manner to other risks such as financial, legal and reputational risks. Reference to the management of information risks and associated information governance practice is now required in the Statement of Internal Control which the Accounting Officer is required to sign annually. 5.3 Caldicott Guardian The Caldicott Guardian also holds the position as Medical Director (Dr Chris Hallewell) supported by Deputy Caldicott Guardian (Alan Duncan). The Caldicott Guardian role: Is advisory Is the conscience of the organisation Provides a focal point for patient confidentiality and information sharing issues Is concerned with the management of patient information. The Caldicott Guardian is the person with overall responsibility for protecting the confidentiality of person identifiable data (PID). The Caldicott Guardian plays a key role in ensuring that the organisation and partner organisations abide by the highest level for standards for handling PID and adherence to the Caldicott Principles. It is the responsibility of the Caldicott Guardian to feedback any IG issues to the Senior Management Team. The Caldicott Guardian is supported by a Deputy Caldicott Guardian (Dr Alan Duncan). The Caldicott Guardian (or Deputy) is a member of the Information Governance Board. August 2013 Page 4 of 21 Our ref: CO/POL/002/004

5 5.4 SIRO (Senior Information Risk Owner) The SIRO is the Director of Business Development (Michael Smillie). The role: Is accountable; Fosters a culture for protecting and using data; Provides a focal point for managing information risk and incidents Is concerned with the management of all information assets. The SIRO is an executive Board member with allocated lead responsibility for the Trust s information risks and provides a focus for the management of information risk at Board level. The SIRO chairs the Information Governance Board. 5.5 Information Governance Lead The Information Governance (IG) Lead is the Head of Information Governance (Yvonne Salkeld). The Head of Information Governance is responsible for ensuring the organisation meets is statutory and corporate responsibilities and engender trust from the public in the management of their personal information. The Head of Information Governance is accountable for ensuring effective management, accountability, compliance and assurance for all aspects of IG. 5.6 Information Security The Head of IT (with delegated responsibility to the Network and Security Manager) are responsible for the provision and management of a high quality, customer focussed, Information Technology Security Advisory Service using expertise to manage security issues, identifying best practice and making recommendations for local implementation. 5.7 All Trust Employees All staff are responsible for ensuring that they are familiar with this policy to ensure that is used to facilitate effective communication and ensure that appropriate records of those communications are maintained. All staff members are obliged to adhere strictly to all policies and failure to do so may result in disciplinary action. 6 DETAILS OF THE PROCEDURAL DOCUMENT It is the Policy of the Trust that, with regard to the use of , all staff will adhere to the guidelines detailed in this document. August 2013 Page 5 of 21 Our ref: CO/POL/002/004

6 6.1 Use of When to use is not always the best way to communicate information as messages can often be misunderstood and the volume of messages people receive can be prohibitive to receiving a meaningful reply as a result of overload. It is the responsibility of the person sending the message to decide whether is the most appropriate method to communicate the information. The decision to send an should be based on a number of factors, including: The subject of the message The recipients availability The speed of transmission The speed of response The number of recipients. The Subject messages can be used for different types of communication and can constitute a formal record of proceedings. The types of communication which can be used for include general business discussions, disseminating information, agreement to proceed and confirmation of decisions made. Although can be used for these types of communication, it may be necessary to consider whether the sensitivity of the information would be more appropriately communicated in a different way. It should also be noted that there are certain subjects that should be avoided in messages as they could be construed as discriminatory. A subject heading should be in place on all s. Recipient s availability messages are often sent unnecessarily due to the ease and convenience of writing an message. There are times when might not be the most appropriate way of communicating with people, for example if a message needs to be passed onto a person in the same office speaking to them face to face might be more productive, particularly if they receive large volumes of . Speed of transmission messages can be sent and delivered to the recipient quickly, which makes sending an message a good way of transmitting information if the information is needed quickly and the recipient is expecting the information. Speed of response Although messages can be sent and delivered quickly there is no guarantee that the message will be read or acted upon immediately. One of the perceived advantages of using is that it can be responded to at the recipient s convenience. If a message needs to be acted upon immediately or requires a quick decision is probably not the best way of communicating the information. Where an immediate action or response is required it is probably better to speak to the person directly and send an confirmation if it is deemed to be necessary. August 2013 Page 6 of 21 Our ref: CO/POL/002/004

7 Number of recipients It should be noted that only messages that are considered to be of immediate interest to the majority of staff would be sent to everyone. If it is particularly important that an should be sent to a high majority of staff an can be sent detailing the nature of the information and a link to the appropriate point on the Intranet site provided. Writing Business Messages When writing business messages it is important that consideration is given to the way in which the message is being conveyed. This includes thinking about the title, the text and the addresses. As a way of helping staff to draft s in an appropriate fashion for business use guidelines to drafting messages have been developed (see Appendix 1). These guidelines are intended to be a reference tool. It is up to the sender to decide to what degree to follow the guidelines, depending on their knowledge and level of familiarity with the recipient. Dealing with sensitive subjects Person Identifiable Information (PID) - PID should not be sent by unless it is encrypted (password protected or encrypted via Voltage for further details on this please see Encryption Policy). If the is being sent within the Cumbria NHS Community of Interest Network ( CoIN ) (e.g. xyz@ncuh.nhs.uk to abc@cumbria.nhs.uk) and via NHS mail (e.g. cde@nhs.net to uvw@nhs.net) you can send person identifiable information as an attachment but it must be password protected. Person identifiable information should not be included within the main body of the or in the subject header. Personal identifiable information (PID) is anything that may recognise an individual, e.g. name, date of birth, address etc. If you are sending PID to external organisations via please read the Encryption Policy POL/002/075 for further advice and details on encryption requirements when dealing with external organisations. Non person identifiable information - Any non-person identifiable information that you feel should be classed as confidential should be sent using the Confidential option within the sensitivity section of the options button within the . A comparison would be any mail that you would normally send in an envelope marked Private & Confidential. (Please see Appendix 2 for guidance). The privacy and confidentiality of the messages sent via cannot be guaranteed. It is the responsibility of all members of staff to exercise their judgement about the appropriateness of using when dealing with sensitive subjects. August 2013 Page 7 of 21 Our ref: CO/POL/002/004

8 Staff are advised that all external s have a disclaimer at the footer of the to protect the Trust from information being disclosed to unauthorised personnel; however there is no guarantee that this will protect individual personnel from potential legal action if s sent include unsupported allegations, sensitive or inappropriate information. Staff must ensure that all information of a sensitive nature that is sent via is treated with care in terms of drafting and addressing. Sensitive information sent via that is incorrect might provide a case for initiating legal proceedings against the person sending the information and / or the Trust. When sending s that contain sensitive information the following must be considered: messages containing information that is not intended for general distribution should be clearly marked either in the title or at the beginning of the message, for example an message containing comments about the performance of a specific staff member or a group of staff. This should decrease the likelihood the message being forwarded to unintended recipients. messages containing personal information are covered by the Data Protection Act and must be treated in line with principles outlined in the Act. Under the Data Protection Act personal information includes opinions about an individual or the personal opinions of an individual. messages containing this type of information should only be used for the purpose for which the information was provided, be accurate and up to date, and must not be disclosed to third parties without the express permission of the individual concerned. messages that contain information that is not supported by fact should indicate that it is the sender s opinion that is being expressed. Misuse and Personal Use There are types of use that are expressly prohibited and could result in formal disciplinary proceedings. In addition, all members of staff are advised that messages can constitute a formal record and can be used as evidence in legal proceedings. When writing messages the following conditions must be met: Any behaviour or comments that are not permitted in the spoken or paper environment are also not permitted in messages. Care should be taken when composing messages to ensure they are inoffensive and cannot be construed as harassment. Downloading and forwarding material of a discriminatory nature e.g. pornographic, sexist, racist, homophobic or derogatory nature are strictly prohibited. The impersonal nature of messages can mean that it is easier to cause offence than when speaking. If you are annoyed or angry about something take time to ensure the message does not inflame the situation. messages containing inaccurate information in the form of opinion or fact about an individual or organisation, may result in legal action being taken against August 2013 Page 8 of 21 Our ref: CO/POL/002/004

9 the person sending the message and anyone forwarding the message on to others. The forwarding of chain mail is not permitted. The terms and conditions of the Information Security Policy must be adhered to (see separate policy) It is not permitted to conduct any business other than that of the Trust via . Only authorised personnel should access accounts. A restricted level of personal use of the work account is permitted provided the following conditions are met: The sending of messages does not interfere with work commitments. The messages do not constitute misuse of as detailed above. To protect the network, messages are routinely scanned to ensure they do not contain viruses. messages that are suspected of containing viruses will be automatically deleted by the IT department or the attachment suspected of containing a virus will be stripped and deleted by the IT department. An will be sent to the intended recipient asking them if they are expecting an attachment; if it is found the recipient was awaiting the they should request the to be resent in a different format. Members of staff are advised that the content of messages will be monitored if they are suspected of misusing or excessive personal use. However, the content of messages is not routinely monitored. Any member of staff who has the content of their messages monitored will be informed before the monitoring takes place. If no further action is to be taken as a result of monitoring the content of messages then all the data collected as a result of the monitoring will be destroyed immediately. Receipt of Inappropriate s Any member of staff receiving an which they deem to be of a discriminatory or inappropriate nature e.g. pornographic, sexist, racist, homophobic, derogatory or similar should bring this to the attention of their Line Manager. If deemed serious enough, an Incident Form should be completed in Ulysses. For further information with regards to acceptable use of s, please refer to the Acceptable Use Policy. Privacy and Access messages are not personal and private. system administrators will not routinely monitor individual staff member's and will take reasonable precautions to protect the privacy of . However, program managers and technical staff may access an employee's For a legitimate business purpose (e.g., the need to access information when an employee is absent for an extended period of time). August 2013 Page 9 of 21 Our ref: CO/POL/002/004

10 To diagnose and resolve technical problems involving system hardware, software, or communications; and/or To investigate possible misuse of when a reasonable suspicion of abuse exists or in conjunction with an approved investigation within the Trust's Disciplinary Policies, or where required by the Police or other body duly authorised in law. Access to a staff member s Mailbox will only be allowed in exceptional circumstances and considered in line appropriate legislation (Data Protection Act 1998 and where applicable Human Right Act 1998). Authorisation needs to be given by the Head of Information Governance, for more information please contact the IG team: E: Information.governance@cumbria.nhs.uk T: Organising Your Mailbox It is the responsibility of all members of staff to manage their messages appropriately. It is important that messages are managed in order to comply with Data Protection and Freedom of Information legislation. Managing messages appropriately will also mean that work can be conducted more effectively as it will help towards locating all the information relating to specific areas of business. To manage messages appropriately members of staff need to identify messages that are records of their business activities and short-lived messages. It is important messages that are records are moved from personal mailboxes 1 and managed with, and in the same way as other records. Short-lived messages should be managed within the mailbox and kept only for as long as required before being deleted. There may be occasions when it is necessary to access messages from an individual s mailbox when a person is away from the office for an extended period, for example holiday. The reasons for accessing an individual s mailbox are to action: Subject request under the Data Protection Act. Freedom of Information Act request Evidence in legal proceedings Evidence in a criminal investigation Line of business enquiry Evidence in support of disciplinary action. Where it is not possible to ask the permission from the member of staff whose mailbox needs to be accessed, the procedure for gaining access their mailbox is: Submit a request to IT. 1 Personal mailbox includes the inbox, where you receive s which are addressed to yourself, folders created under the inbox, where s from your inbox might be moved to, and the sent box, where s addressed from you are sent to other people, August 2013 Page 10 of 21 Our ref: CO/POL/002/004

11 A manager is required to sign off the request and give appropriate reasons why the request has been made there must be significant reason for the request (i.e. business necessity). Sent to Head of IG to consider and authorise. If approved, a record is made of the reasons for accessing the mailbox together with the names of the people who were present. Inform the person whose mailbox was accessed. It is less likely that this procedure will need to be followed if records are managed appropriately or mailbox access has been delegated to a trusted third party. s should be treated like any other record and stored appropriately, this will negate the necessity for access to a person s mailbox. Access to mail boxes will only be given on an exceptional basis. Where possible, a staff member should ensure that s related to business activity or which may be relied upon by other staff members should be stored on a central folder (i.e. SharePoint). Making your mailbox manageable Managing an mailbox effectively can appear to be a difficult task, especially if the volume of messages received is regularly of a large quantity. Managing an mailbox should not be about following rigid classification guidelines; it is about following a methodology that works best for you. There are a number of approaches that might aid the management of messages. These approaches that might be worth further consideration are: Allocating sufficient time each day or week to read through and action messages. Prioritising which messages need to be dealt with first. Looking at the sender and the title to gauge the importance of the message. Flagging where you have been copied (cc d) into messages. These messages are often only for informational purposes and do not require immediate / any action. Setting rules for incoming messages so they can automatically be put into folders. Using folders to group messages of a similar nature of subject together so they can be dealt with constructively. Identifying messages that are records or need to be brought to other people s attention. Keeping messages in personal folders only for short term personal information. s that are required for longer purposes should be managed as records. Deleting messages that are kept elsewhere as records. Deleting messages that re no longer required for reference purposes from the in and out box. August 2013 Page 11 of 21 Our ref: CO/POL/002/004

12 Disclaimers A disclaimer will be placed at the bottom of each stating the following: Disclaimer: This and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. Any views or opinions expressed are those of the author and do not represent the views of Cumbria Partnership NHS Foundation Trust unless otherwise explicitly stated. The information contained in this may be subject to public disclosure under the Freedom of Information Act Unless the information is legally exempt from disclosure, the confidentiality of this and your reply cannot be guaranteed. The Trust accepts no liability for any damage caused by any virus transmitted with this , so although virus checked before transmission, the recipient should also check for the presence of viruses. Signatures A signature detailing name, title and contact details (base, office telephone number, mobile telephone number etc) should be inserted on every as a signature. Out of Office When absent from work the Out of Office facility must be activated. 6.2 Management of Public and Shared Mailboxes Overview of managing public and shared mailboxes Managing shared mailboxes and public folders In the case of shared mailboxes management is likely to be shared between everyone who has access. In the case of public mailbox folders the folder owner should be responsible. The purpose of managing messages, whether they are in shared mailboxes or in public folders is to identify s that should be retained as a record of an activity and delete short-lived messages. When managing shared mailboxes, the sections of this policy to follow are: reasons for organising your mailbox making your mailbox manageable identifying and managing records There will also need to be some additional rules relating to when to delete an message from the mailbox and how to identify an message as having been answered. It is the responsibility of the owner to ensure that there are specific rules relating to the management of shared mailboxes and it is the responsibility of all staff members with access to shared mailboxes to abide by those rules. When managing public folders the owner of the folder should provide some clear rules as to how the mailbox will be managed, this should include: August 2013 Page 12 of 21 Our ref: CO/POL/002/004

13 The purpose of the folder. How long messages will remain in the mailbox before being removed. An indication of the length of time the folder will exist, where possible. The owner of the folder must ensure that the messages remain in the folder no longer than the pre-agreed time period. After this time they should either be deleted or managed as records of the discussion. It is also the responsibility of the folder owner to delete the folder once it is no longer required and ensure that all messages that all not short-lived messages are captured as records of the discussion. It is important to remember that any that made a significant contribution to the discussion of the business being conducted should be captured as a record and not just the final conclusions. The discussions that take place in the mailbox folder will represent the context within which the final decision was made and must be maintained as record of the proceedings. Public Mailbox Folders Public mailboxes are accessible by a number of administrative staff members. The public mailbox should be used for members of the public to contact the Trust where they are unsure of the most appropriate person to contact. Public mailboxes must be checked on a daily basis. Shared Mailboxes Shared mailboxes should be used where there are a group of people responsible for the same area of work. Where there are a group of people responsible for the same work using a shared mailbox can be a way of ensuring that queries are answered quickly when members of the team are away from the office. Access to a shared mailbox is initially given by the IT Department and can be granted by the person who owns the mailbox. 6.3 Identifying and Managing Records Essential Principles messages can constitute part of the formal record of a transaction. All members of staff are responsible for identifying and managing messages that constitute a record of their work. When an is sent or received a decision needs to be made about whether the needs to be captured as a record. Once an message has been captured as a record it should be deleted from the client. The main points to consider when managing records are: Identifying records Who is responsible for capturing records When to capture records Where to capture records Treatment of encrypted records August 2013 Page 13 of 21 Our ref: CO/POL/002/004

14 Titling records. Identification and Responsibilities Identifying records A record is information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business. 2 When deciding whether an message constitutes a record, the context and content of the message needs to be considered. A guiding principle on identifying records might be that as soon as the message needs to be forwarded for information purposes it should be considered as a record. messages that might constitute a record are likely to contact information relating to business transactions that have or are going to take place, decisions taken in relation to business transaction of any discussion that took place in relation to the transaction. For example, during the decision to put out a tender document for a particular service, background discussion about what this should and should not include might take place via and should be captured as a record. Who is responsible As messages can be sent to multiple recipients there are specific guidelines to indicate who is responsible for capturing an as a record: For internal messages, the sender of an message, or initiator of an dialogue that forms a string of messages. For messages sent externally, the sender of the message. For external messages received by one person, the recipient. For external messages received by more than one person, the person responsible for the area of work relating to the message. If this is not clear it may be necessary to clarify who this is with the other people who have received the message. Managing Messages with Attachments messages with attachments Where an message has an attachment a decision needs to be made as to whether the message, the attachment or both should be kept as a record. The decision on whether an and / or its attachment constitutes a record depends on the context within which they were received. It is likely that in most circumstances the attachment should be captured as a record with the message as the message will provide the context within which the attachment was used. There are instances where the attachment might require further work, in which case it would be acceptable to capture the message and the attachment together as a record and keep a copy of the attachment in another location to be worked on. In these circumstances the copy attachment that was used for further work will become a completely separate record. 2 International Standards Organisation ISO Information and Documentation : Records Management, Part August 2013 Page 14 of 21 Our ref: CO/POL/002/004

15 When and Where to Manage Records When to capture messages that can be considered to be records should be captured as soon as possible. Most messages will form part of an conversation string. Where an string has formed as part of a discussion it is not necessary to capture each new part of the conversation, i.e. every reply, separately. Where to capture messages that constitute records must be either filed in the master electronic filing system or if absolutely necessary to keep a hard copy, printed to paper and filed in the corporate master file. messages captured as records should be located with other records relating to the same business activity. Personal mailboxes should not be used for long term storage of messages. Personal mailboxes should be used for personal information or short term reference purposes, when these s are no longer required they should be deleted. Encryption and Managing Records Encrypted records Where it is known that an has been encrypted it is important that it is unencrypted prior to capturing it as a record to ensure the document is accessible in the future. If an record is captured without being unencrypted it is highly likely that there will be problems with accessing the record over a period of time. Titling Records in an Electronic Records Management System Titling Records The title of an message does not always reflect the reason for capturing an message as a record. The problem of titles not reflecting the reason for capturing the message as a record can, to some extent, be avoided through people following the guidelines for titling s at the point they are created. If the title of an does not accurately reflect the reason why it is being captured as a record then it should not be re-titled within the client but at the point it is captured within the record. Re-titling records is particularly important when they represent different points in an string as it will help to identify the relevant aspects of the conversation. 6.4 Implementation The Information Governance Board will monitor implementation of this policy. 7 TRAINING Training of this policy will be completed in line with the Trust s Training Needs Analysis. Compliance with training will be monitored in line with the Trust s Learning and Development Policy. August 2013 Page 15 of 21 Our ref: CO/POL/002/004

16 8 MONITORING COMPLIANCE WITH THIS DOCUMENT The table below outlines the Trusts monitoring arrangements for this policy/document. The Trust reserves the right to commission additional work or change the monitoring arrangements to meet organisational needs. Aspect of compliance or effectiveness being monitored Ongoing review of McAfee Activity Reports Access to 3 rd party accounts Compliance and Knowledge checks. Monitoring method Report Report on requests and decision for access Report of outcomes from monthly spot checks within localities. Individual responsible for the monitoring Network and Security Manager (or delegate) Information Governance Officer Information Governance Officer Frequency of the monitoring activity Monthly Group / committee which will receive the findings / monitoring report Information Governance Board Group / committee / individual responsible for ensuring that the actions are completed Information Governance Board Annually IG Board IG Board Monthly Information Governance Board IG Board 9 REFERENCES/ BIBLIOGRAPHY Data Protection Act (1998) this Act requires departments to process personal data fairly and lawfully. Personal data means information about identifiable living individuals and includes both facts and opinions about the individual. Freedom of Information Act (2000) The FOI Act provides for a general right of access to information held by departments, subject to certain restrictions (eg the privacy rights of the individual). The Act also amends certain provisions of the Public Records and Data Protection Acts Human Rights Act (1998) The Human Rights Act 1998 incorporated the European Convention on Human Rights into domestic law. Under this Act a UK citizen is able to assert their Convention rights through the national courts without having to take their case to the European Court of Human Rights Information Commissioner (2003), The Employment Practices Data Protection Code: Part 3: Monitoring at Work: Supplementary Guidance. International Standards Organisation ISO Information and Documentation : Records Management, Part Lloyd, Ian J (2000) Information Technology Law, Butterworths Regulation of Investigatory Powers Act (2000) August 2013 Page 16 of 21 Our ref: CO/POL/002/004

17 Computer Misuse Act, 1990 This Act makes it an offence for an unauthorised person to access knowingly a programme or data or for such a person to modify knowingly the contents of a computer. The Copyright, Designs and Patients Act, 1998 Copyright law applies equally to the internet as it does to paper material. Many web sites contain a copyright notice dealing how the material they contain may be used. If you want to print out a web page or attachment or copy and paste anything from a web page or attachment into a document of your own, your should obtain the permission of the copyright owner. For any use beyond everyday web browsing, permission should be obtained. Obscene Publications Act 1959 All computer material is subject to this Act, under which it is a criminal offence to publish an article whose effect, taken as a whole, would tend to deprave and corrupt those likely to read, see or hear it. A computer disk, including the principal hard disk of the computer, can constitute an obscene article for the purposes of this Act if it contains or embodies matters that meet the test of obscenity. Publish has a wide meaning and is defined as including distributing, circulating, selling, giving, lending, offering for sale or for lease. Telecommunications Act 1984 The transmission of an obscene or indecent image from one computer to another via a public telecommunications system is an offence under s43 of this Act. Protection of Children Act 1978; Criminal Justice Act 1988 These Acts make it a criminal offence to distribute or possess scanned, digital or computer generated facsimile photographs of a children under 16 that are indecent.. 10 RELATED TRUST POLICY/PROCEDURES Acceptable Use Policy POL/002/037 Encryption policy POL/002/075 Information Security Policy POL/002/077 August 2013 Page 17 of 21 Our ref: CO/POL/002/004

18 APPENDIX 1 SUBJECT LINE Ensure the subject line gives a clear indication of the content of the message. Indicate if the subject matter is sensitive. Use flags to indicate whether the message is of high or low importance and the speed with which an action is required. Indicate whether an action is required or whether the is for information only. SUBJECT AND TONE Greet people be name at the beginning of an message. Identify yourself at the beginning of the message when contacting someone for the first time. Ensure that the purpose and content of the message is clearly explained. Include a signature with you own contact details. Ensure that the is polite and courteous. Tone of an should match the intended outcome. Make a clear distinction between fact and opinion. Proof read messages before they are sent to check for errors. Try to limit messages to one subject per message. Include the original message when sending a reply to provide a context. Where the subject of a string of messages has significantly changed, start a new message, copying relevant sections from the previous string of messages. Ensure messages are not unnecessarily long. Ensure that attachments are not longer version of s. Summarise the content of attachments in the main body of the mail message. STRUCTURE AND GRAMMAR Use plain English. Check the spelling within the message before sending. Use paragraphs to structure information. Put important information at the beginning of the message. Avoid using abbreviations. Avoid using CAPITALS. Try not to over use of bold text. Do not use emotion. ADDRESSING Distribute messages only to the people who need to know the information. Use the To field for people who are required to take further action and the cc field for people who are included for information only. Think carefully about who should be included in the cc field. August 2013 Page 18 of 21 Our ref: CO/POL/002/004

19 Ensure the message is correctly addressed. GENERAL Be aware that different computer systems will affect the layout of an message. Avoid sending messages in HTML format as if an recipient is using an system that does not allow HTML the layout will be affected. Be aware that some computer systems might have difficulties with attachments. Observe the restrictions on attachment size. Try not to forward messages unnecessarily. Save a message and provide a shortcut link. Internal s should use pointers to attachments and not be included in the body of the text. Don t reply to messages using phrases like Thank You unless really necessary as it takes the receiver time to read your reply. August 2013 Page 19 of 21 Our ref: CO/POL/002/004

20 APPENDIX 2: HOW TO GUIDANCE Mark as Confidential Office 2010: Select the highlighted button with an message as below. The box will appear change sensitivity level to Confidential as shown: August 2013 Page 20 of 21 Our ref: CO/POL/002/004

21 APPENDIX 3: How to guide for outlook 2010 outlook_2010_basics _manual.pdf Outlook 2010 Keyboard Shortcuts Guide Outlook_2010_Short cuts.pdf August 2013 Page 21 of 21 Our ref: CO/POL/002/004

Guidelines on developing a policy for managing email

Guidelines on developing a policy for managing email Guidelines on developing a policy for managing email Crown copyright 2004 You may re-use this information (excluding logos) free of charge in any format or medium, under the terms of the Open Government

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

E-Mail Use Policy. All Staff Policy Reference No: Version Number: 1.0. Target Audience:

E-Mail Use Policy. All Staff Policy Reference No: Version Number: 1.0. Target Audience: E-Mail Use Policy Authorship: Barry Jackson Information Governance, Security and Compliance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date:

More information

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005 UNIVERSITY OF ST ANDREWS EMAIL POLICY November 2005 I Introduction 1. Email is an important method of communication for University business, and carries the same weight as paper-based communications. The

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

Email Policy and Code of Conduct

Email Policy and Code of Conduct Email Policy and Code of Conduct UNIQUE REF NUMBER: CCG/IG/011/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Email Usage Policy Document Profile Box

Email Usage Policy Document Profile Box Document Profile Box Document Category / Ref QSSD 660 Version: 0004 Ratified by: Governance and Risk Committee Date ratified: 12 th January 2012 Name of originator / author: Name of responsible committee

More information

USE OF INFORMATION TECHNOLOGY FACILITIES

USE OF INFORMATION TECHNOLOGY FACILITIES POLICY CI-03 USE OF INFORMATION TECHNOLOGY FACILITIES Document Control Statement This Policy is maintained by the Information Technology Department. Any printed copy may not be up to date and you are advised

More information

CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH

CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH These notes are designed to be used in conjunction with the core training PowerPoint slides. The purpose of the

More information

Internet Use Policy and Code of Conduct

Internet Use Policy and Code of Conduct Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT

More information

ICT POLICY AND PROCEDURE

ICT POLICY AND PROCEDURE ICT POLICY AND PROCEDURE POLICY STATEMENT St Michael s College regards the integrity of its computer resources, including hardware, databases and software, as central to the needs and success of our day-to-day

More information

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Version: 1.1 Ratified by: NHS Bury CCG IM&T Steering Group Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Greater Manchester CSU - IT Department NHS Bury

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Electronic Mail Policy Version: 5 Reference Number: CO6 Keywords: (please enter tags/words that are associated to this policy) Email Supersedes Supersedes: Version

More information

Evidence additional element appendix 47. Records Management Guidance for the management of emails

Evidence additional element appendix 47. Records Management Guidance for the management of emails Records Management Guidance for the management of emails 2010 1 Document Control Sheet Name of Document: Guidelines for the Management of Emails as Records 2010 Author: Consultees Description of Content:

More information

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Email Management and Data Storage Policy. Version 1.4

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Email Management and Data Storage Policy. Version 1.4 PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN Email Management and Data Storage Policy Version 1.4 Document Control Title: Reference: Original Author(s): Owner: Distribution: Reviewed by: Quality Assured

More information

Conditions of Use. Communications and IT Facilities

Conditions of Use. Communications and IT Facilities Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other

More information

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT. Website - Terms and Conditions Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

AGENDA ITEM NO 14 RECOMMENDATION FROM STANDARDS COMMITTEE MEETING OF 12 MAY 2009 - "EMAIL POLICY" Executive Director (AK) [J50]

AGENDA ITEM NO 14 RECOMMENDATION FROM STANDARDS COMMITTEE MEETING OF 12 MAY 2009 - EMAIL POLICY Executive Director (AK) [J50] AGENDA ITEM NO 14 RECOMMENDATION FROM STANDARDS COMMITTEE MEETING OF 12 MAY 2009 - "EMAIL POLICY" Committee: Policy and Resources Date: 23 rd June 2009 Author: Executive Director (AK) [J50] 1.0 ISSUE 1.1

More information

Email Services Policy

Email Services Policy Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages

More information

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012 Electronic Messaging Policy 1. Document Status Security Classification Level 4 - PUBLIC Version 1.0 Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Retention

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent Scope Information Services Regulations for the Use of Information Technology (IT) Facilities at the University of Kent 1. These regulations apply to The Law All students registered at the University, all

More information

Advice leaflet Internet and e-mail policies

Advice leaflet Internet and e-mail policies Advice leaflet Internet and e-mail policies Introduction Electronic communications have revolutionised business communications, although the huge increase in use has taken some organisations by surprise.

More information

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving

More information

E-SAFETY POLICY 2014/15 Including:

E-SAFETY POLICY 2014/15 Including: E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable

More information

Policy Document Control Page. Updated to include new NHS mail encryption feature

Policy Document Control Page. Updated to include new NHS mail encryption feature Policy Document Control Page Title Title: Electronic Mail Policy Version: 6 Reference Number: CO6 Keywords: (please enter tags/words that are associated to this policy) Email Supersedes Supersedes: Version

More information

Electronic Communications Guidance for School Staff 2013/2014

Electronic Communications Guidance for School Staff 2013/2014 Our Lady of Lourdes and St Patrick s Catholic Primary Schools Huddersfield Electronic Communications Guidance for School Staff 2013/2014 Updated September 2013 Contents 1. Introduction 2. Safe and responsible

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Students are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage.

Students are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage. Penrice Academy Acceptable Use Policy for Mobile Digital Devices including ipads September 2014 Date of Review: May 2015 Introduction Penrice Academy ( The Academy ) may grant a licence to use ipads or

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

ICT Acceptable Use Policy

ICT Acceptable Use Policy ICT Acceptable Use Policy Document Management Document Disclaimer This document is issued only for the purpose for which it is supplied. Document Owner This document is produced and owned by Staffordshire

More information

POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY

POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY STATEMENT: Many of our employees have access to the internet as well as email capabilities. The County recognizes that these

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Safe Haven Procedure. Final. Date Issued March 2009 Review Date March 2010 NHS East Midland Employees. Safe Haven Procedure: v1.

Safe Haven Procedure. Final. Date Issued March 2009 Review Date March 2010 NHS East Midland Employees. Safe Haven Procedure: v1. Safe Haven Procedure Final Version 1.0 (Final) Ratified By Executive Team Originator/Author Fabian Henderson Date Issued March 2009 Review Date March 2010 Target NHS East Midland Employees Safe Haven Procedure:

More information

Managing Email Policy. January 2013

Managing Email Policy. January 2013 Managing Email Policy January 2013 Document Control Title Managing Email Policy Prepared By Records Manager, December 2012 Approved By Head of Corporate Services Division Date of Approval 24 January 2013

More information

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy )

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy ) ITU-10002 Computer Network, Internet Access & Email policy South Norfolk Council IT Unit Documentation www.south-norfolk.gov.uk Page : 2 of 8 Summary This policy informs all users about acceptable use

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Trust Advantages and Disadvantages of Using Intranet

Trust Advantages and Disadvantages of Using Intranet Policy No: OP17 Version: 6.0 Name of Policy: Internet, Intranet and Email Acceptable Use Policy Effective From: 04/08/2015 Date Ratified 04/03/2015 Ratified Health Informatics Assurance Committee Review

More information

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document. Report to: Cabinet Date: 14 th October 2004. Report: of Head of Corporate Personnel Services Report Title: USE of INTERNET POLICY Summary of Report. The use of the Internet is growing rapidly. Over the

More information

GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by :

GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by : GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use Name of regulation : Purpose of regulation : Approval for this regulation given by : Responsibility for its update : Regulation

More information

E-mail & Internet Policy

E-mail & Internet Policy E-mail & Internet Policy Recommending Committee: Approving Committee: Clinical Standards & Focus Council Trust Governance Board Signature: Designation: Chief Executive Date: Version Number: 02 Date: August

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

E-Gap Terms and Conditions of Use

E-Gap Terms and Conditions of Use E-Gap Terms and Conditions of Use User Terms and Conditions The following paragraphs specify the basis on which you may use the e-gap System and provides information on how we will handle your data. This

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Email & Internet Policy

Email & Internet Policy Email & Internet Policy Use of email system and internet services Current Document Status Version V0.2 Approving body Acorn Academy Cornwall Date 11 June 2015 Date of formal approval (if applicable) Responsible

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

With the increasing popularity of social media you need a Social Media Policy to protect your company.

With the increasing popularity of social media you need a Social Media Policy to protect your company. Dear Reader, With the increasing popularity of social media you need a Social Media Policy to protect your company. It can become your biggest nightmare when employees distribute information that s not

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

E-Mail and Internet Policy

E-Mail and Internet Policy E-Mail and Internet Policy Document reference Title: E-Mail and Internet Policy Product ID: Version Number: 8.0 Status: Live Distribution / Issue date: 12 November 2014 Author: K. Fairbrother Review Period:

More information

Organizational Policy

Organizational Policy Approved by: City Manager/General Managers Report No.: n/a Effective: January 1, 2004 Reviewed: July 25, 2012 Amended: July 25, 2012 Next Review: July 25, 2013 Note: Purpose: on The purpose of this policy

More information

Internet and Social Media Policy

Internet and Social Media Policy Internet and Social Media Policy Page 1 of 19 Review and Amendment Log / Control Sheet Responsible Officer: Chief Officer Clinical Lead: Author: Date Approved: Committee: Version: Review Date: Medical

More information

POLICY ON THE USE OF UNIVERSITY INFORMATION AND COMMUNICATION TECHNOLOGY RESOURCES (ICT RESOURCES)

POLICY ON THE USE OF UNIVERSITY INFORMATION AND COMMUNICATION TECHNOLOGY RESOURCES (ICT RESOURCES) Policy Document POLICY ON THE USE OF UNIVERSITY INFORMATION AND COMMUNICATION TECHNOLOGY RESOURCES (ICT RESOURCES) For the definitions of terms used in this policy document refer to the Delegations of

More information

Information Technology Acceptable Use Policy

Information Technology Acceptable Use Policy Information Technology Acceptable Use Policy Overview The information technology resources of Providence College are owned and maintained by Providence College. Use of this technology is a privilege, not

More information

INTERNET, E-MAIL USE AND

INTERNET, E-MAIL USE AND INTERNET, E-MAIL AND TELEPHONE USE AND MONITORING POLICY Originated by: Customer Services LJCC: 10 th April 2008 Full Council: June 2008 Implemented: June 2008 1.0 Introduction and Aim 1.1 The aim of this

More information

TAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures

TAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures TAUNTON PUBLIC SCHOOLS Internet Acceptable Use and Social Networking Policies and Administrative Procedures A. INTERNET ACCEPTABLE USE POLICY OF THE TAUNTON PUBLIC SCHOOLS I. Mission Statement: Academic

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy TABLE OF CONTENTS PURPOSE... 4 SCOPE... 4 AUDIENCE... 4 COMPLIANCE & ENFORCEMENT... 4 POLICY STATEMENTS... 5 1. General... 5 2. Authorized Users... 5 3. Loss and Theft... 5 4. Illegal

More information

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review:

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review: POLICY DOCUMENT Burton Hospitals NHS Foundation Trust INFORMATION SECURITY POLICY Approved by: Executive Management Team On: 16 January 2014 Review Date: December 2015 Corporate / Directorate Clinical

More information

Email, Internet & Social Networking Policy Version 3.0. 5 th December 2014

Email, Internet & Social Networking Policy Version 3.0. 5 th December 2014 Email, Internet & Social Networking Policy Lead executive Name / title of author: Chief Nurse Colin Owen, Information Governance and Data Security Lead Date reviewed: October 2014 Date ratified: 5 th December

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

HUMAN RESOURCES POLICIES & PROCEDURES

HUMAN RESOURCES POLICIES & PROCEDURES HUMAN RESOURCES POLICIES & PROCEDURES Policy title Application IT systems and social networking policy All employees and students CONTENTS PAGE Introduction and scope 2 General points 2 Authorisation to

More information

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer 1 Terms & Conditions In this section you can find: - Website usage terms and conditions 1, 2, 3 - Website disclaimer -Acceptable internet use policy 1,2,3,4 - Acceptable email use policy 1, 2 - Copyright

More information

Hull Teaching Primary Care Trust INTERNET USE POLICY 06.02.08

Hull Teaching Primary Care Trust INTERNET USE POLICY 06.02.08 Hull Teaching Primary Care Trust INTERNET USE POLICY 06.02.08 C ONTENTS Introduction 3 1. Objectives 3 1.1 Ensure Availability 3 1.2 Preserve Integrity 3 1.3 Preserve Confidentiality 3 1.4 Policy applicable

More information

TITLE C169 COMPUTER USE, INTERNET & EMAIL POLICY DEPARTMENT Corporate Services POLICY DIRECTIVE HISTORY

TITLE C169 COMPUTER USE, INTERNET & EMAIL POLICY DEPARTMENT Corporate Services POLICY DIRECTIVE HISTORY TITLE C169 COMPUTER USE, INTERNET & EMAIL POLICY DEPARTMENT Corporate Services POLICY DIRECTIVE HISTORY Council Resolution No 313/03 adopted at the Ordinary Meeting of Council on 19 August 2003. PURPOSE

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

Corporate Information Security Management Policy

Corporate Information Security Management Policy Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Online Research and Investigation

Online Research and Investigation Online Research and Investigation This document is intended to provide guidance to police officers or staff engaged in research and investigation across the internet. This guidance is not a source of law

More information

Dene Community School of Technology Staff Acceptable Use Policy

Dene Community School of Technology Staff Acceptable Use Policy Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,

More information

ELECTRONIC COMMUNICATIONS & INTERNET ACCEPTABLE USE POLICY Document Reference

ELECTRONIC COMMUNICATIONS & INTERNET ACCEPTABLE USE POLICY Document Reference ELECTRONIC COMMUNICATIONS & INTERNET ACCEPTABLE USE POLICY Document Reference Electronic Communications and Internet Acceptable Use Policy P010 Version Number V4.13 Author/Lead Job Title Director s Name

More information

Acceptable Use of ICT Policy For Staff

Acceptable Use of ICT Policy For Staff Policy Document Acceptable Use of ICT Policy For Staff Acceptable Use of ICT Policy For Staff Policy Implementation Date Review Date and Frequency January 2012 Every two Years Rev 1: 26 January 2014 Policy

More information

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1 Dundalk Institute of Technology Acceptable Usage Policy Version 1.0.1 1 Document Location..\DkIT_Policy_Documents\Policies Revision History Date of this revision: Date of next review: Version Revision

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Informatics Policy. Information Governance. Email and Internet Use and Monitoring Policy

Informatics Policy. Information Governance. Email and Internet Use and Monitoring Policy Informatics Policy Information Governance Document Control Document Title Author/Contact Document Reference 3539 Version 6 Pauline Nordoff-Tate, Information Assurance Manager Status Approved Publication

More information

INTERNET, EMAIL AND COMPUTER USE POLICY.

INTERNET, EMAIL AND COMPUTER USE POLICY. INTERNET, EMAIL AND COMPUTER USE POLICY. CONSIDERATIONS Code of Conduct Discipline and termination policy Privacy Policy Sexual Harassment policy Workplace Health & Safety Policy LEGISLATION Copyright

More information

How To Deal With Social Media At Larks Hill J & I School

How To Deal With Social Media At Larks Hill J & I School LARKS HILL JUNIOR & INFANT SCHOOL Social Media Policy Written: Reviewed Autumn Term 2015 Larks Hill J & I School Social Media Policy 1. Introduction For the purposes of this policy, social media refers

More information

Email, Internet & Telephone. Policy and Procedure

Email, Internet & Telephone. Policy and Procedure A Email, Internet & Telephone Policy and Procedure MAYLIM LTD Civil Engineering & Hard Landscaping Contractors 50 52 Wharf Road, G 04 The Wenlock, Islington, London N1 7EU Tel: +44(0)207 785 6996 Fax:

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

WORTHING COLLEGE STUDENT IT SECURITY POLICY. October 2014

WORTHING COLLEGE STUDENT IT SECURITY POLICY. October 2014 WORTHING COLLEGE STUDENT IT SECURITY POLICY October 2014 Policy name Student Information Technology Security Policy Author: Lesley May/Michael Perry Approved by SLT October 2014 Approved by Corporation

More information

Internet, E-mail and SMS Texting Usage Policy Group Policy

Internet, E-mail and SMS Texting Usage Policy Group Policy Internet, E-mail and SMS Texting Usage Policy Group Policy Scope: This Orbit Housing Group Limited ( Group ) policy provides a set of guidelines for all users within the Group on the proper usage of the

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy Recommending Committee: Approving Committee: Information Governance Steering Group Patient Safety & Experience Council Signature: Designation: Chief Executive Date: Version Number:

More information

Electronic Communications and. Guidance note and template policy

Electronic Communications and. Guidance note and template policy Electronic Communications and Internet policy Guidance note and template policy When employing staff it is useful to create a policy which sets out your standards and requirements of your staff when they

More information

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security and Electronic Communications Acceptable Use Policy (AUP) Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern

More information

Acceptable Use of Information Technology Policy

Acceptable Use of Information Technology Policy Acceptable Use of Information Technology Policy Date created: January 2006 Updated Review date: April June 2008 Review date: Oct Dec 2009 Introduction VAW provides IT facilities for promoting its charitable

More information

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No SOCIAL MEDIA POLICY Ratified Governance & Risk Committee 08/2015 Status Final Issued August 2015 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality Impact Assessment

More information

TOWN OF COTTESLOE POLICY EMAIL MANAGEMENT

TOWN OF COTTESLOE POLICY EMAIL MANAGEMENT EMAIL MANAGEMENT POLICY STATEMENT Town of Cottesloe email accounts are intended for business transactions in support of the Town s strategic goals and objectives. Accordingly any email transmission residing

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information governance

Information governance Information governance Staff handbook RDaSH 88 02 Information governance Introduction to information governance Overview 88 03 Information governance or IG - includes information security and confidentiality,

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Summary Electronic Information Security Policy

Summary Electronic Information Security Policy University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information