INFORMATION TECHNOLOGY SECURITY POLICY
|
|
- Adelia Ross
- 8 years ago
- Views:
Transcription
1 INFORMATION TECHNOLOG SECURIT POLIC Document Author Written By: Deputy Director of IM&T / Interim Head of ICT Authorised Signature Authorised By: Chief Executive Date: February 2015 Date: 17 March 2015 Policy Lead Director: Executive Director of Transformation and Integration Effective Date: 17 March 2015 Review Date: 16 March 2018 Approval at: Policy Management Group Date Approved: 17 March 2015 Information Technology Security Policy Page 1 of 22
2 DOCUMENT HISTOR (Procedural document version numbering convention will follow the following format. Whole numbers for approved versions, e.g. 1.0, 2.0, 3.0 etc. With decimals being used to represent the current working draft version, e.g. 1.1, 1.2, 1.3, 1.4 etc. For example, when writing a procedural document for the first time the initial draft will be version 0.1) Date of Issue Version No. Date Approved Director Responsible for Change 26 Mar Mar 12 Executive Director of Transformation and Integration 14 Jan Executive Director of Transformation and Integration 06 Feb Executive Director of Transformation and Integration 23 Feb Executive Director of Transformation and Integration 17 Mar Mar 15 Executive Director of Transformation and Integration Nature of Change Minor Amendments Via Voting Buttons Ratification / Approval Approved at Provider Executive Board Ratified at Information Governance Steering Group Ratified at Risk Management Committee Approved at Policy Management Group N.B. This Policy relates to the Isle of Wight NHS Trust hereafter referred to as the Trust. Information Technology Security Policy Page 2 of 22
3 SECTION PAGE 1. Executive Summary 4 2. Introduction 4 3. Scope 4 4. Key Responsibilities 4 5. Policy Detail / Course of Action Consultation Implementation / Training / Awareness Dissemination Monitoring & Key Performance Indicators References Links To Other Policies Disclaimer 13 Appendices: A Key Definitions For Documentation 14 B Impact Assessment Forms on Policy Implementation 15 (Including Checklist) C Equality Impact Assessment Tool 17 D Equality Analysis and Action Plan 20 Information Technology Security Policy Page 3 of 22
4 1. EXECUTIVE SUMMAR This document sets out the Trust policy for the protection of the confidentiality, integrity and availability of the computer network and its resources. It establishes the security responsibilities for IT security. It provides reference to documentation relevant to this policy. 2. INTRODUCTION 2.1 The aim of this policy is to ensure the security of the Trust s network. To do this the Trust will: Preserve integrity of the computer network Protect the computer network and its resources from unauthorised or accidental modification ensuring the accuracy and completeness of the Trust's assets. Preserve confidentiality Protect assets against unauthorised disclosure. 3. SCOPE 3.1 The Information Technology Security Policy applies to all business functions and information contained on the computer network, the physical environment and relevant people who support the network. 4. KE RESPONSIBILITIES Head of IT, unless stated otherwise 4.1 Chief Executive The Chief Executive has delegated the overall responsibility for security, policy and implementation to the Senior Information Risk Officer (SIRO). 4.2 Senior Information Risk Officer (SIRO) The SIRO is responsible for ensuring the Information Asset Owners comply with their responsibilities. 4.3 Physical & Environmental Security Network computer equipment will be housed in a controlled and secure environment. Critical or sensitive network equipment will be housed in an environment that is monitored for temperature, humidity and power supply quality. Critical or sensitive network equipment will be housed in secure areas, protected by a secure perimeter, with appropriate security barriers and entry controls. The Head of IT is responsible for ensuring that door lock codes are changed periodically, following a compromise of the code, if s/he suspects the code has been compromised. Critical or sensitive network equipment will be protected from power supply failures. Information Technology Security Policy Page 4 of 22
5 Critical or sensitive network equipment will be protected by intruder alarms and fire suppression systems. Smoking, eating and drinking is forbidden in areas housing critical or sensitive network equipment. All visitors to secure network areas must be authorised by the Head of IT, following a risk assessment. All visitors to secure network areas must be made aware of network security requirements. All visitors to secure network areas must be signed in and out. The log will contain name, organisation, purpose of visit, date, and time in and out. The Head of IT will ensure that all relevant staff are made aware of procedures for visitors and that visitors are escorted, when necessary. For further details see Network operating procedure. 4.4 Access Control to Secure Network Areas Entry to secure areas housing critical or sensitive network equipment will be restricted to those whose job requires it. The Head of IT will maintain and periodically review a list of those with unsupervised access. See service delivery procedure. 4.5 Access Control to the Network Access to the network will be via a secure log-on procedure, designed to minimise the opportunity for unauthorised access. There must be a formal, documented user registration and de-registration procedure for access to the network. Departmental managers must approve user access. Access rights to the network will be allocated on the requirements of the user's role. Security privileges (i.e. 'superuser' or network administrator rights) to the network will be allocated on the requirements of the user's role. 4.6 Third Party Access Control to the Network Third party access to the network will be based on a formal contract that satisfies all necessary NHS security conditions. All third party access to the network must auditable. See network operating procedure. Information Technology Security Policy Page 5 of 22
6 4.7 External Network Connections The Head of IT is responsible for ensuring that all connections to external networks and systems conform to the NHS-wide Network Security Policy, Code of Connection and supporting guidance. The Head of IT must approve all connections to external networks and systems before they commence operation. 4.8 Maintenance Contracts The Head of IT will ensure that maintenance contracts are maintained and periodically reviewed for all network equipment. All contract details will constitute part of the IT Department's Asset register. 4.9 Data and Software Exchange Formal agreements for the exchange of data and software between organisations must be established and approved by the Head of Information Management Fault Logging The Head of IT is responsible for ensuring that a log of all faults on the network is maintained and reviewed. A report of any faults and review of countermeasures will be taken to the IT User Group Security Operating Procedures (SyOps) The Head of IT is responsible for producing Security Operating Procedures (SyOps) and security contingency plans that reflect this Network Security Policy. Where appropriate will co-ordinate with the Local Security Management Specialist (LSMS) so that a robust and integrated security systems SyOps can be developed, which will take into account National Security Intelligence which the LSMS is privy to. Changes to operating procedures must be authorised by the Head of IT Network Operating Procedures The Head of IT is responsible for documented operating procedures for the operation of the computer network and is resources, to ensure its correct, secure operation. Changes to operating procedures must be authorised by the Head of IT. Data Backup and Restoration The Head of IT is responsible for: Ensuring that backup copies of network configuration, network storage and server data are taken regularly. All backup tapes will be stored securely in the fire proof safes Business Continuity & Disaster Recovery Plans The Head of IT is responsible for ensuring that business continuity plans and disaster recovery plans are produced for the network. Information Technology Security Policy Page 6 of 22
7 4.14 Unattended Equipment and Clear Screen The Trust operates a clear screen policy that means users must ensure that workstations are locked or logged off if a workstation is left unattended. Users failing to comply may be subject to disciplinary action Security Responsibilities To produce and implement effective security countermeasures. Produce all relevant security documentation, security operating procedures and contingency plans reflecting the requirements of this Information Technology Security Policy. All such documentation will be included in the IT Department's Asset register. Acting as a central point of contact on information security within the Trust, for both staff and external organisations. Implementing an effective framework for the management of security. Produce Trust standards, procedures and guidance on Information Security matters for approval by the Information User Group. Co-ordinate information security activities particularly those related to shared information systems or IT infrastructures. Liaise with external organisations on information security matters, including representing the Trust on cross-community committees. Creating, maintaining, giving guidance on and overseeing the implementation of IT Security. Representing the Trust on internal and external committees that relate to IT security. Ensuring that risks to IT systems are reduced to an acceptable level by applying security countermeasures identified following an assessment of the risk. Ensuring that access to the Trust's computer network is limited to those who have the necessary authority and clearance. Providing advice and guidance to development teams to ensure that the policy is complied with. Approving system security policies for the infrastructure and common services. Approving tested systems and agreeing rollout plans. Providing a central point of contact on IT security issues. Information Technology Security Policy Page 7 of 22
8 Providing advice and guidance on: Policy Compliance Incident Investigation IT Security Awareness IT Security Training IT Systems Accreditation Security of External Service Provision Contingency Planning for IT systems Proposals have been made to connect the Trust's systems, applications or networks to systems, applications or networks that are operated by external organisations. Passing on the advice of external sources / authorities on IT security matters Information Governance Manager Responsibilities To ensure that appropriate Data Protection Act 1998 notifications are maintained for information stored on the network. Dealing with enquires, from any source, in relation to the Data Protection Act 1998 and facilitating Subject Access Requests. Advising users of information systems, applications and networks of their responsibilities under the Data Protection Act 1998, which may include Subject Access Requests. Advising the Head of IT on breaches of the Data Protection Act 1998 and recommended actions. Encouraging, monitoring and checking compliance with the Data Protection Act Liaising with external organisations regarding Data Protection 1998 Act matters. Promoting awareness and providing guidance and advice related to the Data Protection Act 1998 as it applies within the Trust Information Asset Owners (IAO) Responsibilities Ensuring the security of the network, that is information, hardware and software used by staff and, where appropriate, by third parties is consistent with legal and management requirements and obligations. Ensuring that their staff are made aware of their security responsibilities. Ensuring that their staff have had suitable security training Local Security Management Specialist (LSMS) To undertake the duties of an LSMS in accordance with Secretary of State Directions to health bodies on measures to tackle violence and general security management measures, and any subsequent advice or guidance issued by the NHS SMS. Information Technology Security Policy Page 8 of 22
9 To undergo and successfully complete propriety checking and the professional and accredited training in security management provided by the NHS SMS, and to co-operate with any further training provided by the NHS SMS and with the NHS SMS programme of quality assurance. To undergo and successfully complete propriety checking and the professional and accredited training in security management provided by the NHS SMS, and to co-operate with any further training provided by the NHS SMS and with the NHS SMS programme of quality assurance. To ensure that all NHS security management work is carried out within a professional and ethical framework developed and provided by the NHS SMS. To ensure that an inclusive approach to security management work is taken, involving both internal and external NHS stakeholders where appropriate and necessary. To report to the health body s Security Management Director on security management work locally. To ensure strong links are built with the NHS SMS in particular, with the Area Security Management Specialists (ASMSs). To lead on day-to-day work in their health body to tackle violence against staff and professionals in accordance with the NHS SMS national framework and guidance. To ensure, within the Trust and, where applicable, within those organisations contracted to provide services for the Trust, that: They attend the health body s risk management, health and safety and audit committee meetings and ensure appropriate links are made with the health body s risk assessment process, including the health body s health and safety representatives, so that security-related issues are an integral part of that process. Appropriate steps are taken to create a pro-security culture within the health body and amongst contractors so that staff and patients accept responsibility for this issue and ensure that any security incidents or breaches that occur are detected and reported. They participate in the health body s induction programme for new staff and develop and deliver security awareness sessions for stakeholders. Appropriate security incidents and breaches are publicised in accordance with guidelines issued by the NHS SMS so that a deterrent effect is created User Responsibilities All personnel or agents acting for the Trust have a duty to: Safeguard hardware, software and information in their care. Prevent the introduction of malicious software on the Trust's IT systems. Report on any suspected or actual breaches in security. Information Technology Security Policy Page 9 of 22
10 All users to the computer network will have their own unique user identification and password. Users are responsible for ensuring their password is kept secret (see User Responsibilities). User access rights will be immediately removed or reviewed for those users who have left the Trust or changed roles. Users are responsible for ensuring that they save their own data to the designated network storage area. Users must ensure that they protect the computer network from unauthorised access. They must log off the computer network when finished working. 5. POLIC DETAIL / COURSE OF ACTION 5.1 The overall Information Technology Security Policy for the Trust is described below: 5.2 The Trust s computer network will be available when needed, can be accessed only by authorised users and will contain complete and accurate information. The computer network must also be able to withstand or recover from threats to its availability, integrity and confidentiality. To satisfy this, the Trust will undertake to the following: Protect all hardware, software and information assets under its control. This will be achieved by implementing a set of well-balanced technical and non-technical measures. Provide both effective and cost-effective protection that is commensurate with the risks to its computer network assets. Implement the Information Technology Security Policy in a consistent, timely and cost effective manner. 5.3 Where relevant, the Trust will comply with: Copyright, Designs & Patents Act 1988 Access to Health Records Act 1990 Computer Misuse Act 1990 The Data Protection Act 1998 The Human Rights Act 1998 Electronic Communications Act 2000 Regulation of Investigatory Powers Act 2000 Freedom of Information Act 2000 Health & Social Care Act The Trust will comply with other laws and legislation as appropriate. 5.5 The policy must be approved by the Head of IT. Information Technology Security Policy Page 10 of 22
11 6. CONSULTATION 6.1 The policy has been to the IT Seniors Team meeting for discussion and consultation, Information Governance Steering Group and Risk management Group. The recommendation from the latter was that a review should take place in six months time to reflect additional policies currently in production (Agile Worker for example). 7. IMPLEMENTATION / TRAINING / AWARENESS 7.1 This Information Technology Security Policy does not have a mandatory training requirement but the following non mandatory training is recommended. 7.2 The Trust will ensure that all users of the computer network are provided with the necessary security guidance, awareness and where appropriate training to discharge their security responsibilities. 7.3 All users of the computer network must be made aware of the contents and implications of the Information Technology Security Policy. 7.4 Key responsibilities contained in the Information Technology Security policy will be covered by the Information Governance training provided to all staff. 7.5 Irresponsible or improper actions by users may result in disciplinary action(s). 8. DISSEMINATION 8.1 When approved this document will be available on the Intranet and will be subject to document control procedures. Approved documents will be placed on the Intranet within five working days of date of approval once received by the Risk Management Team. 8.2 When submitted to the Risk Management Team for inclusion on the Intranet this document will have fully completed document details including version control. Keywords and description for the Intranet search engine will be supplied by the author at the time of submission. 8.3 Notification of new and revised documentation will be issued on the Front page of the Intranet, through e-bulletin, and on staff notice boards where appropriate. Any controlled documents noted at the Trust Executive Committee / Policy Management Group will be notified through the e-bulletin. 8.4 Staff using the Trust s intranet can access all procedural documents. It is the responsibility of managers to ensure that all staff are aware of where, and how, documents can be accessed within their areas of work. 8.5 It is the responsibility of each individual who prints a hard copy of any document to ensure that the printed hardcopy is the current version. Current versions are maintained on the Intranet. Information Technology Security Policy Page 11 of 22
12 9. MONITORING & KE PERFORMANCE INDICATORS 9.1 Security Audits The Head of IT will require checks on, or an audit of, actual implementations based on approved security policies and kept in a master file. 9.2 Malicious Software Ensure that measures are in place to detect and protect the computer network from viruses and other malicious software. 9.3 Secure Disposal or Re-use of Equipment Ensure that where equipment is being disposed of, IT Department staff must ensure that all data on the equipment (e.g. on hard disks or tapes) is securely overwritten. Where this is not possible IT Department staff should physically destroy the disk or tape. Ensure that where disks are to be removed from the premises for repair, where possible, the data is securely overwritten or the equipment de-gaussed by the IT Department. 9.4 System Change Control Ensure that the Head of IT reviews changes to the security of the computer network. All such changes must be reviewed and approved by the Head of IT. The IT Team leaders are responsible for updating all relevant design documentation, security operating procedures and computer network operating procedures appertaining to their specialty. The Head of IT may require checks on, or an assessment of the actual implementation based on the proposed changes. The Head of IT is responsible for ensuring that selected hardware or software meets agreed security standards. As part of acceptance testing of all new computer network systems, the IT department with the permission of the IT Manager will attempt to cause a security failure and log other criteria against which tests will be undertaken prior to formal acceptance. Testing facilities will be used for all new computer network systems. Development and operational facilities will be separated. 9.5 Security Monitoring Ensure that the computer network is monitored for potential security breaches. All monitoring will comply with current legislation. 9.6 Reporting Security Incidents & Weaknesses All potential security breaches must be investigated and reported to the Head of IT. Security incidents and weaknesses must be reported in accordance with the requirements of the Trust's incident reporting procedure. 9.7 System Configuration Management Ensure that there is an effective configuration management system for the computer network. Information Technology Security Policy Page 12 of 22
13 10. REFERENCES 10.1 Copyright, Designs & Patents Act 1988 Access to Health Records Act 1990 Computer Misuse Act 1990 The Data Protection Act 1998 The Human Rights Act 1998 Electronic Communications Act 2000 Regulation of Investigatory Powers Act 2000 Freedom of Information Act 2000 Health & Social Care Act LINKS TO OTHER POLICIES / DOCUMENTS 11.1 Network Operating Procedure Service Delivery Procedure 12. DISCLAIMER 12.1 It is the responsibility of all staff to check the Trust intranet to ensure that the most recent version / issue of this document is being referenced. Information Technology Security Policy Page 13 of 22
14 Appendix A KE DEFINITIONS FOR DOCUMENTATION Define any word or phrase that may need explaining or clarifying in more detail Configuration Management - focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life. Computer Network refers to all the IT resources of the Trust (the Data centre, the wired and wireless networks, desktop pcs, servers etc.) Information Technology Security Policy Page 14 of 22
15 CHECKLIST FOR THE DEVELOPMENT AND APPROVAL OF CONTROLLED DOCUMENTATION Appendix B To be completed and attached to any document when submitted to the appropriate committee for consideration and approval. Title of document being reviewed: /N/ Unsure Comments 1. Title/Cover Is the title clear and unambiguous? Does the title make it clear whether the controlled document is a guideline, policy, protocol or standard? 2. Document Details and History Have all sections of the document detail/history been completed? 3. Development Process Is the development method described in brief? Are people involved in the development identified? Do you feel a reasonable attempt has been made to ensure relevant expertise has been used? 4. Review and Revision Arrangements Including Version Control Is the review date identified? Is the frequency of review identified? If so, is it acceptable? Are details of how the review will take place identified? Does the document identify where it will be held and how version control will be addressed? 5. Approval Does the document identify which committee/group will approve it? If appropriate have the joint Human Resources/staff side committee (or equivalent) approved the document? N 6. Consultation Do you have evidence of who has been consulted? 7. Table of Contents Has the table of contents been completed and checked? 8. Summary Points Have the summary points of the document been included? 9. Definition Is it clear whether the controlled document is a guideline, policy, protocol or standard? 10. Relevance Has the audience been identified and clearly stated? 11. Purpose Are the reasons for the development of the document stated? 12. Roles and Responsibilities Are the roles and responsibilities clearly identified? 13. Content Is the objective of the document clear? Is the target population clear and unambiguous? Are the intended outcomes described? Are the statements clear and unambiguous? Information Technology Security Policy Page 15 of 22
16 Title of document being reviewed: 14. Training Have training needs been identified and documented? 15. Dissemination and Implementation Is there an outline/plan to identify how this will be done? Does the plan include the necessary training/support to ensure compliance? 16. Process to Monitor Compliance and Effectiveness Are there measurable standards or Key Performance Indicators (KPIs) to support the monitoring of compliance with and effectiveness of the document? Is there a plan to review or audit compliance within the document? Is it clear who will see the results of the audit and where the action plan will be monitored? 17. Associated Documents Have all associated documents to the document been listed? 18. References Have all references that support the document been listed in full? 19. Glossary Has the need for a glossary been identified and included within the document? 20. Equality Analysis Has an Equality Analysis been completed and included with the document? 21. Archiving Have archiving arrangements for superseded documents been addressed? Has the process for retrieving archived versions of the document been identified and included within? 22. Format and Style Does the document follow the correct style and format of the Document Control Procedure? 23. Overall Responsibility for the Document Is it clear who will be responsible for co-ordinating the dissemination, implementation and review of the documentation? Committee Approval /N/ Unsure Comments Distributed Trust Policy Section of Intranet If the committee is happy to approve this document, please sign and date it and forward copies for inclusion on the Intranet. Name of Committee Print Name Date Signature of Chair Information Technology Security Policy Page 16 of 22
17 Appendix C IMPACT ASSESSMENT ON DOCUMENT IMPLEMENTATION Summary of Impact Assessment (see next page for details) Document title Information technology Security Policy Totals WTE Recurring Non Recurring Manpower Costs Nil Nil Nil Training Staff Nil Nil Nil Equipment & Provision of resources Nil Nil Nil Summary of Impact: All referral systems and processes detailed in this policy are already embedded within the Trust. The approval and implementation of this policy will incur no further costs. Risk Management Issues: The implementation of this policy should ensure that any significant Information Security and Governance risk to the Trust are minimised. Benefits / Savings to the organisation: Equality Impact Assessment Has this been appropriately carried out? ES Are there any reported equality issues? NO If ES please specify: Use additional sheets if necessary. Information Technology Security Policy Page 17 of 22
18 IMPACT ASSESSMENT ON POLIC IMPLEMENTATION Please include all associated costs where an impact on implementing this policy has been considered. A checklist is included for guidance but is not comprehensive so please ensure you have thought through the impact on staffing, training and equipment carefully and that ALL aspects are covered. Manpower WTE Recurring Non-Recurring Operational running costs Additional staffing required - by affected areas / departments: Nil Nil Nil Totals: Staff Training Impact Recurring Non-Recurring Affected areas / departments Nil Nil e.g. 10 staff for 2 days Totals: 1 Equipment and Provision of Resources Recurring * Non-Recurring * Accommodation / facilities needed Nil Nil Building alterations (extensions/new) Nil Nil IT Hardware / software / licences Nil Nil Medical equipment Nil Nil Stationery / publicity Nil Nil Travel costs Nil Nil Utilities e.g. telephones Nil Nil Process change Nil Nil Rolling replacement of equipment Nil Nil Equipment maintenance Nil Nil Marketing booklets/posters/handouts, etc Nil Nil Totals: Capital implications 5,000 with life expectancy of more than one year. Funding /costs checked & agreed by finance: Signature & date of financial accountant: N/A N/A Information Technology Security Policy Page 18 of 22
19 Funding / costs have been agreed and are in place: Signature of appropriate Executive or Associate Director: N/A N/A IMPACT ASSESSMENT ON DOCUMENT IMPLEMENTATION - CHECKLIST Points to consider Have you considered the following areas / departments? Have you spoken to finance / accountant for costing? Where will the funding come from to implement the policy? Are all service areas included? o Ambulance o Acute o Mental Health o o Community Services, e.g. allied health professionals Public Health, Commissioning, Primary Care (general practice, dentistry, optometry), other partner services, e.g. Council, PBC Forum, etc. Departments / Facilities / Staffing Transport Estates o Building costs, Water, Telephones, Gas, Electricity, Lighting, Heating, Drainage, Building alterations e.g. disabled access, toilets etc Portering Health Records (clinical records) Caretakers Ward areas Pathology Pharmacy Infection Control Domestic Services Radiology A&E Risk Management Team / Information Officer responsible to ensure the policy meets the organisation approved format Human Resources IT Support Finance Rolling programme of equipment Health & safety/fire Training materials costs Impact upon capacity/activity/performance Information Technology Security Policy Page 19 of 22
20 Appendix D Equality Analysis and Action Plan (This template should be used when assessing services, functions, policies, procedures, practices, projects and strategic documents) Step 1. Identify who is responsible for the equality analysis. Name: Jake Gully Role: Interim Head of ICT Other people or agencies who will be involved in undertaking the equality analysis: Step 2. Establishing relevance to equality Show how this document or service change meets the aims of the Equality Act 2010? Equality Act General Duty Eliminates unlawful discrimination, harassment, victimization and any other conduct prohibited by the Act. Advance equality of opportunity between people who share a protected characteristic and people who do not share it Foster good relations between people who share a protected characteristic and people who do not share it. Step 3. Relevance to Equality Act General Duties There are no discrimination issues relating to this policy Relevant to all staff N/A Scope your equality analysis What is the purpose of this document or service change? Who will benefits? What are the expected outcomes? Relevance Protected Groups Staff Service Users Wider Community Age Gender Reassignment Race Sex and Sexual Orientation Religion or belief Disability Marriage and Civil Partnerships Human Rights Pregnancy and Maternity Scope This document has been reviewed in line with the policy review date. All staff. To ensure that all staff are aware of their responsibilities in relation to Information Governance Information Technology Security Policy Page 20 of 22
21 Why do we need this document or do we need to change the service? To meet legislative requirements, reduce the risk of Information Governance related incidents and ensure organisational learning. It is important that appropriate and relevant information is used about the different protected groups that will be affected by this document or service change. Information from your service users is in the majority of cases, the most valuable. Information sources are likely to vary depending on the nature of the document or service change. Listed below are some suggested sources of information that could be helpful: Results from the most recent service user or staff surveys. Regional or national surveys Analysis of complaints or enquiries Recommendations from an audit or inspection Local census data Information from protected groups or agencies. Information from engagement events. Step 4. Analyse your information. As yourself two simple questions: What will happen, or not happen, if we do things this way? What would happen in relation to equality and good relations? In identifying whether a proposed document or service changes discriminates unlawfully, consider the scope of discrimination set out in the Equality Act 2010, as well as direct and indirect discrimination, harassment, victimization and failure to make a reasonable adjustment. Findings of your analysis No major change Adjust your document or service change proposals Continue to implement the document or service change Stop and review Description our analysis demonstrates that the proposal is robust and the evidence shows no potential for discrimination. This involves taking steps to remove barriers or to better advance equality outcomes. This might include introducing measures to mitigate the potential effect. Despite any adverse effect or missed opportunity to advance equality, provided you can satisfy yourself it does not unlawfully discriminate. Adverse effects that cannot be justified or mitigated against, you should Justification of your analysis Implementation of this policy will have no potential for discrimination, as it applies to all staff. Information Technology Security Policy Page 21 of 22
22 consider stopping the proposal. ou must stop and review if unlawful discrimination is identified 5. Next steps. 5.1 Monitoring and Review. Equality analysis is an ongoing process that does not end once the document has been published or the service change has been implemented. This does not mean repeating the equality analysis, but using the experience gained through implementation to check the findings and to make any necessary adjustments. Consider: How will you measure the effectiveness of this change When will the document or service change be reviewed? Through regular monitoring and reporting as defined in the policy Annually in November of each year in preparation for the completion of the annual IG Toolkit assessment. Who will be responsible for monitoring and review? Deputy Director of IM&T, Risk Management and the Information Governance Steering Group What information will you need for monitoring? How will you engage with stakeholders, staff and service users Evidence of all IS and IG related work initiatives and Incident investigation from Datix Through consultation and discussion 5.2 Approval and publication The Trust Executive Committee / Policy Management Group will be responsible for ensuring that all documents submitted for approval will have completed an equality analysis. Useful links: Under the specific duties of the Act, equality information published by the organisation should include evidence that equality analyses are being undertaken. These will be published on the organisations Equality, Diversity and Inclusion website. Equality and Human Rights Commission Information Technology Security Policy Page 22 of 22
Rotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationNetwork Security Policy
Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen
ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure
More informationULH-IM&T-ISP06. Information Governance Board
Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics
More informationNHS Business Services Authority Information Security Policy
NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationCLAIMS HANDLING & MANAGEMENT POLICY
CLAIMS HANDLING & MANAGEMENT POLIC Including Clinical Negligence, Liabilities to Third Parties and Property Expenses Scheme Claims Document Author Written By: Clinical Risk & Claims Manager Date: October
More informationBEING OPEN POLICY (incorporating Duty of Candour)
BEING OPEN POLIC (incorporating Duty of Candour) To be read in conjunction with the Being Open Procedure and Guidance Document Author Written By: Clinical Risk & Claims Manager supported by Patient Experience
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationInformation security policy
Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationJOB DESCRIPTION. Information Governance Manager
JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationInformation & ICT Security Policy Framework
Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January
More informationCorporate Information Security Policy
Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationRecord Management Policy
Record Management Policy Author: Kate Ayres, Governance Facilitator Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: March 2006 Version:
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationSECURITY POLICY. Written By: Security Management Action Group. Authorised By: Chief Executive. Date: November 2014. Date: 18 th November 2014
SECURITY POLICY Document Author Written By: Security Management Action Group Date: November 2014 Authorised Authorised By: Chief Executive Date: 18 th November 2014 Lead Director: Executive Medical Director
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationCONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationType of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience
More informationData Quality Policy SH NCP 2. Version: 5. Summary:
SH NCP 2 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: The Trust provides a framework to ensure all data that is recorded by the Trust is accurate and complies to
More informationTRUST SECURITY MANAGEMENT POLICY
TRUST SECURITY MANAGEMENT POLICY EXECUTIVE SUMMARY The Board recognises that security management is an integral part of good, effective and efficient risk management practise and to be effective should
More informationPolicy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25
Information Security Policy Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Document Information Trust Policy Number : ULH-IM&T-ISP01 Version : 3.1 Status : Approved Issued by : Information Governance
More informationIS INFORMATION SECURITY POLICY
IS INFORMATION SECURITY POLICY Version: Version 1.0 Ratified by: Trust Executive Committee Approved by responsible committee(s) IS Business Continuity and Security Group Name/title of originator/policy
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Unique Reference / Version Primary Intranet Location Information Management & Governance Secondary Intranet Location Policy Name Information Security Policy Version Number Next
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationPolicy: Remote Working and Mobile Devices Policy
Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationSafe Haven Policy. Equality & Diversity Statement:
Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationINTELLECTUAL PROPERTY MANAGEMENT POLICY
INTELLECTUAL PROPERTY MANAGEMENT POLICY Document Author Written By: Alexandra Punter Authorised Signature Authorised By: Karen Baker Signed: Date: 22 November 2013 Job Title: Research Management & Governance
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationDate of review: Information Governance Group January 2016. Policy Category: CONTENT SECTION DESCRIPTION PAGE
Title: Date Approved: January 2015 Division/Department: Corporate Services Corporate Records Policy Approved by: Date of review: Information Governance Group January 2016 Author (post-holder): Interim
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationINFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY
Appendix 1 INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Author Information Governance Review Group Information Governance Committee Review Date May 2014 Last Update February 2013 Document No. GV
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationHow To Manage Risk In Ancient Health Trust
SharePoint Location Non-clinical Policies and Guidelines SharePoint Index Directory 3.0 Corporate Sub Area 3.1 Risk and Health & Safety Documents Key words (for search purposes) Risk, Risk Management,
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationAccess Control Policy V1.0
V1.0 January 2014 Table of Contents 1. Introduction... 3 2. Purpose of this Policy/Procedure... 3 3. Scope... 3 4. Definitions / Glossary... 4 5. Ownership and Responsibilities... 4 5.1. Role of the Chief
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationYMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY
YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationInformatics Policy. Information Governance. Network Account and Password Management Policy
Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information
More informationVersion: Date adopted: publication: Review date: September 2015. Expiry date: March 2016. Target audience: All staff
Asbestos Policy The Asbestos Policy provides guidance to ensure that all appropriate steps are taken to comply with the duty to manage asbestos and comply with asbestos related legislation, codes of practice
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationDate of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.
Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5
More informationRules for the use of the IT facilities. Effective August 2015 Present
Rules for the use of the IT facilities Effective August 2015 Present INFORMATION MANAGEMENT GUIDE RULES FOR THE USE OF THE UNIVERSITY S IT FACILITIES ( The Rules ) 1. Introduction 2. Interpretation 3.
More informationBusiness Continuity Policy
Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during
More information